Executive Summary
In January 2025, Europol initiated 'Project Compass,' a collaborative effort involving law enforcement agencies from 28 countries, including the United States, to dismantle 'The Com,' a decentralized cybercriminal network notorious for targeting minors through cyberattacks, extortion, and exploitation. Over the course of a year, this operation led to the arrest of 30 individuals and the identification of 179 suspects associated with The Com. Authorities also identified 62 victims, directly safeguarding four of them from further harm. The Com's activities encompassed a range of cybercrimes, including ransomware attacks on prominent organizations and the coercion of minors into producing explicit content. (cyberscoop.com)
The significance of this operation lies in its demonstration of the effectiveness of international cooperation in combating complex cybercriminal networks. The Com's exploitation of digital platforms to recruit and victimize young individuals underscores the urgent need for enhanced cybersecurity measures and public awareness to protect vulnerable populations from such threats. (infosecurity-magazine.com)
Why This Matters Now
The recent crackdown on The Com highlights the evolving nature of cyber threats targeting minors, emphasizing the critical need for continuous vigilance, international collaboration, and proactive measures to safeguard vulnerable individuals in digital spaces.
Attack Path Analysis
The Com cybercrime group initiated attacks by exploiting social engineering techniques to gain initial access. They escalated privileges through credential theft and abuse of misconfigured IAM roles. The attackers moved laterally within cloud environments by exploiting weak access controls. They established command and control channels using encrypted communications to evade detection. Sensitive data was exfiltrated through covert channels. The attacks culminated in deploying ransomware, leading to data encryption and operational disruption.
Kill Chain Progression
Initial Compromise
Description
The Com utilized social engineering tactics, such as phishing and SIM swapping, to obtain initial access to target systems.
MITRE ATT&CK® Techniques
Techniques identified for SEO/filtering; may be expanded with full STIX/TAXII enrichment later.
Phishing
Command and Scripting Interpreter
Application Layer Protocol
Exfiltration Over C2 Channel
Data Encrypted for Impact
Exploit Public-Facing Application
Process Injection
System Information Discovery
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure all system components and software are protected from known vulnerabilities
Control ID: 6.2
NYDFS 23 NYCRR 500 – Encryption of Nonpublic Information
Control ID: 500.15
DORA – ICT Risk Management Framework
Control ID: Article 6
CISA Zero Trust Maturity Model 2.0 – Implement Strong Authentication Mechanisms
Control ID: Identity Pillar
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Children's Online Privacy Protection Act (COPPA) – Notice to Parents
Control ID: Section 312.4
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Computer Software/Engineering
High ransomware and network intrusion risks from cybercrime collectives targeting critical infrastructure, requiring enhanced segmentation and egress security controls.
Retail Industry
Direct targeting evidenced by Marks & Spencer, Co-op, and Harrods breaches demonstrates elevated ransomware and data exfiltration risks.
Gambling/Casinos
Las Vegas casino breaches highlight vulnerability to sophisticated cybercrime groups using social engineering and lateral movement techniques for extortion.
Primary/Secondary Education
Critical risk from targeting children and teenagers across digital platforms for exploitation, requiring comprehensive monitoring and protection measures.
Sources
- Europol-led crackdown on The Com hackers leads to 30 arrestshttps://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/Verified
- Project Compass is Europol’s new playbook for taking on The Comhttps://cyberscoop.com/project-compass-the-com-europol/Verified
- The Com: Theft, Extortion, and Violence are a Rising Threat to Youth Onlinehttps://www.ic3.gov/PSA/2025/PSA250723-3Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to escalate privileges, move laterally, and exfiltrate data within the cloud environment, thereby reducing the overall blast radius.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: While Aviatrix CNSF primarily focuses on network-level controls, it could have limited the attacker's ability to exploit compromised credentials by enforcing strict network segmentation and access controls.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation could have limited the attacker's ability to escalate privileges by enforcing strict access controls and minimizing the scope of accessible resources.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security could have restricted the attacker's lateral movement by monitoring and controlling internal traffic flows, thereby reducing the attack surface.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control could have detected and constrained the establishment of command and control channels by providing comprehensive monitoring across cloud environments.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement could have limited data exfiltration by controlling and monitoring outbound traffic, thereby reducing unauthorized data transfers.
While Aviatrix CNSF focuses on network-level controls, its implementation could have reduced the overall impact by limiting the attacker's ability to spread ransomware across the environment.
Impact at a Glance
Affected Business Functions
- n/a
Estimated downtime: N/A
Estimated loss: N/A
n/a
Recommended Actions
Key Takeaways & Next Steps
- • Implement Zero Trust Segmentation to enforce least privilege access and limit lateral movement.
- • Deploy Egress Security & Policy Enforcement to monitor and control outbound traffic, preventing data exfiltration.
- • Utilize Encrypted Traffic (HPE) to secure data in transit and detect unauthorized communications.
- • Enhance Threat Detection & Anomaly Response capabilities to identify and respond to suspicious activities promptly.
- • Establish Multicloud Visibility & Control to maintain comprehensive oversight across cloud environments.
