Executive Summary
In January 2025, Europol initiated Project Compass, a coordinated international effort involving 28 countries, including all Five Eyes nations, to dismantle 'The Com,' a decentralized network of minors and young adults engaged in cybercrime, extortion, and physical violence. Over the past year, this operation has led to the arrest of 30 individuals, the identification of 179 perpetrators, and the safeguarding of 62 victims. The Com operates across various online platforms, making it challenging to disrupt due to its fragmented structure. (cyberscoop.com)
The significance of this operation lies in its demonstration of effective international collaboration in combating complex cybercriminal networks. The Com's activities, including high-profile ransomware attacks and exploitation of vulnerable individuals, underscore the evolving nature of cyber threats. Project Compass highlights the necessity for continuous global cooperation and adaptive strategies to address such multifaceted cybercrime challenges. (helpnetsecurity.com)
Why This Matters Now
The Com's sophisticated use of online platforms to recruit and exploit minors presents an urgent and evolving cyber threat. Project Compass exemplifies the critical need for international collaboration and adaptive strategies to effectively combat such decentralized and complex cybercriminal networks. (cyberscoop.com)
Attack Path Analysis
The Com initiated their attack by exploiting cloud service misconfigurations to gain unauthorized access. They then escalated privileges by compromising IAM roles, allowing broader access within the cloud environment. Utilizing this access, they moved laterally across cloud resources to identify and access sensitive data. Established command and control channels enabled them to maintain persistent access and exfiltrate data. The exfiltrated data was then used to extort victims, leading to significant operational and reputational damage.
Kill Chain Progression
Initial Compromise
Description
The attackers exploited misconfigured cloud services to gain unauthorized access to the cloud environment.
MITRE ATT&CK® Techniques
Phishing
Application Layer Protocol
Command and Scripting Interpreter
Account Manipulation
Exploitation of Remote Services
OS Credential Dumping
System Information Discovery
Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Ensure that security policies and operational procedures for managing firewalls are documented, in use, and known to all affected parties.
Control ID: 6.4.3
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Primary/Secondary Education
Educational institutions face critical exposure to The Com's targeted child exploitation networks, requiring enhanced zero trust segmentation and threat detection capabilities.
Law Enforcement
Law enforcement agencies need advanced multicloud visibility and encrypted traffic analysis tools to combat The Com's sophisticated identity masking and financial laundering operations.
Financial Services
Financial sector requires robust egress security and anomaly detection systems to prevent The Com's money laundering activities and unauthorized financial transactions.
Information Technology/IT
IT organizations must implement comprehensive threat detection and cloud native security fabric solutions to protect against The Com's complex cybercriminal network operations.
Sources
- Project Compass is Europol’s new playbook for taking on The Com: https://cyberscoop.com/project-compass-the-com-europol/
- ‘Project Compass’ Cracks Down on ‘The Com’: 30 Members of Notorious Cybercrime Gang Arrested: https://www.infosecurity-magazine.com/news/project-compass-com-arrests/
- Europol goes after The Com’s ransomware and extortion networks: https://www.helpnetsecurity.com/2026/02/27/europol-the-com-network-arrests/
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have constrained the attacker's ability to exploit misconfigurations, escalate privileges, and move laterally, thereby reducing the overall blast radius.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to exploit misconfigured services would likely be constrained, limiting unauthorized access.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges would likely be constrained, reducing the scope of unauthorized access.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement would likely be constrained, reducing the reachability to sensitive data.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels would likely be constrained, reducing persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's ability to exfiltrate data would likely be constrained, reducing data loss.
The attacker's ability to leverage exfiltrated data for extortion would likely be constrained, reducing operational and reputational damage.
Impact at a Glance
Affected Business Functions
- Customer Data Management
- Online Payment Processing
- E-commerce Operations
- Customer Support Services
Estimated downtime: 14 days
Estimated loss: $1,000,000
Personal and financial information of customers, including payment details and contact information.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and prevent lateral movement within the cloud environment.
- Utilize East-West Traffic Security to monitor and control internal traffic, detecting unauthorized movements.
- Deploy Multicloud Visibility & Control tools to gain comprehensive insights into cloud activities and detect anomalies.
- Enforce Egress Security & Policy Enforcement to control outbound traffic and prevent unauthorized data exfiltration.
- Establish Threat Detection & Anomaly Response mechanisms to identify and respond to suspicious activities promptly.