Executive Summary
In January 2025, Europol initiated Project Compass, a coordinated international operation targeting 'The Com,' a decentralized cybercriminal collective known for ransomware attacks, financial extortion, and the exploitation of minors. Over the course of the year, the operation led to the arrest of 30 individuals and the identification of 179 additional suspects across 28 countries. Investigators also identified 62 victims, four of whom were directly safeguarded from further harm. 'The Com' consists primarily of English-speaking individuals aged 16 to 25 who use social media platforms, messaging applications, and online gaming environments to recruit and exploit young people. The group's decentralized structure and its spread across many online platforms have made it particularly difficult for law enforcement to disrupt. The success of Project Compass underscores the importance of international collaboration in combating cybercrime and highlights the ongoing threat posed by such decentralized networks. (helpnetsecurity.com)
The significance of this operation is underscored by the increasing prevalence of cybercriminal groups targeting vulnerable populations through online platforms. The arrest of key members of 'The Com' serves as a critical reminder of the need for continuous vigilance and proactive measures to protect minors from online exploitation. Additionally, the operation highlights the evolving tactics of cybercriminals, who are increasingly leveraging decentralized networks and social engineering techniques to perpetrate their crimes. (darkreading.com)
Why This Matters Now
The recent arrests of 'The Com' members highlight the urgent need for enhanced cybersecurity measures to protect minors from online exploitation. As cybercriminals increasingly target vulnerable populations through social media and gaming platforms, it is imperative for law enforcement agencies, technology companies, and communities to collaborate in safeguarding young individuals from such threats.
Attack Path Analysis
The Com initiated their attack by exploiting cloud misconfigurations to gain initial access. They then escalated privileges by compromising IAM roles, which enabled lateral movement across cloud environments. After establishing command and control channels, they exfiltrated sensitive data to external servers. The attack culminated in the deployment of ransomware, disrupting business operations.
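The attack path above is a sequence of stages, and a defender can detect it by correlating audit events into those stages rather than alerting on any single one. The following script is an added example (not from the original report or from any vendor product) that runs stage predicates over a constructed, hypothetical set of cloud audit events and alerts when several stages appear in order within a time window; the event fields, action names and thresholds are assumptions.

```python
"""Correlate cloud audit events into the kill-chain stages described above."""
from collections import defaultdict

# Constructed sample events (hypothetical; timestamps in seconds, not from the incident).
EVENTS = [
    {"ts": 1, "actor": "anonymous", "action": "storage.object.get",
     "src_ip": "198.51.100.7", "target": "bucket/backups"},           # misconfigured storage read
    {"ts": 2, "actor": "svc-backup", "action": "iam.assume_role",
     "src_ip": "198.51.100.7", "target": "role/admin"},               # IAM role compromise
    {"ts": 3, "actor": "role/admin", "action": "compute.instance.list",
     "src_ip": "198.51.100.7", "target": "project-b"},                # lateral movement
    {"ts": 4, "actor": "role/admin", "action": "net.egress",
     "src_ip": "10.0.1.5", "target": "203.0.113.9:443", "bytes": 900_000_000},  # bulk exfiltration
]

# One predicate per stage; thresholds and naming are assumptions for this example.
STAGES = [
    ("initial_access",   lambda e: e["action"].startswith("storage.") and e["actor"] == "anonymous"),
    ("priv_escalation",  lambda e: e["action"] == "iam.assume_role" and e["target"].endswith("/admin")),
    ("lateral_movement", lambda e: e["actor"].startswith("role/") and e["action"].startswith("compute.")),
    ("exfiltration",     lambda e: e["action"] == "net.egress" and e.get("bytes", 0) > 100_000_000),
]


def classify(events):
    """Return {stage: [timestamps]} for every event that matches a stage predicate."""
    hits = defaultdict(list)
    for e in events:
        for name, pred in STAGES:
            if pred(e):
                hits[name].append(e["ts"])
    return dict(hits)


def observed_chain(events, window):
    """Stages seen, ordered by first hit, restricted to `window` seconds after the first hit."""
    first = sorted((min(ts), name) for name, ts in classify(events).items())
    if not first:
        return []
    start = first[0][0]
    return [name for ts, name in first if ts - start <= window]


def should_alert(events, window=3600, min_stages=3):
    """Alert only when enough stages chain together; a single stage alone stays a low-priority signal."""
    return len(observed_chain(events, window)) >= min_stages


if __name__ == "__main__":
    print(observed_chain(EVENTS, 3600), "alert" if should_alert(EVENTS) else "no alert")
```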
Kill Chain Progression
Initial Compromise
Description
The Com exploited misconfigured cloud storage services to gain unauthorized access to sensitive data.
MITRE ATT&CK® Techniques
- Gather Victim Organization Information
- Acquire Infrastructure
- Phishing
- Command and Scripting Interpreter
- Valid Accounts
- OS Credential Dumping
- Exfiltration Over C2 Channel
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
- PCI DSS 4.0 – Security Testing of Public-Facing Applications (Control ID: 6.4.3)
- NYDFS 23 NYCRR 500 – Cybersecurity Policy (Control ID: 500.03)
- DORA – ICT Risk Management Framework (Control ID: Article 5)
- CISA ZTMM 2.0 – Identity Management and Access Control (Control ID: Identity Pillar)
- NIS2 Directive – Cybersecurity Risk Management Measures (Control ID: Article 21)
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Banking/Mortgage
Financial institutions face elevated risks from The Com's cybercriminal operations, requiring enhanced zero trust segmentation and encrypted traffic monitoring capabilities.
Financial Services
Cybercriminal collective targeting necessitates strengthened egress security, threat detection systems, and comprehensive compliance with PCI and regulatory frameworks.
Government Administration
Public sector agencies must implement multicloud visibility controls and anomaly detection to defend against sophisticated cybercriminal collective infiltration attempts.
Law Enforcement
Project Compass demonstrates the critical need for advanced threat intelligence capabilities and secure hybrid connectivity to combat organized cybercriminal operations effectively.
Sources
- 30 Alleged Members of 'The Com' Arrested in Project Compass: https://www.darkreading.com/threat-intelligence/30-alleged-members-the-com-arrested-project-compass
- Europol-led crackdown on The Com hackers leads to 30 arrests: https://www.bleepingcomputer.com/news/security/police-crackdown-on-the-com-cybercrime-gang-leads-to-30-arrests/
- FBI warns of cybercrime subculture: The Com: https://cybernews.com/security/sinister-cybercrime-subculture-the-com-targeting-youth-fbi/
- Internet Crime Complaint Center (IC3) | The Com: Theft, Extortion, and Violence are a Rising Threat to Youth Online: https://www.ic3.gov/PSA/2025/PSA250723-3
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could have significantly limited the attacker's ability to exploit misconfigurations, escalate privileges, move laterally, establish command channels, exfiltrate data, and deploy ransomware, thereby reducing the overall blast radius.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Implementing Aviatrix CNSF would likely have constrained unauthorized access by enforcing strict identity-based policies, thereby reducing the attacker's ability to exploit misconfigured storage services.
Control: Zero Trust Segmentation
Mitigation: Aviatrix Zero Trust Segmentation would likely have restricted the attacker's ability to escalate privileges by enforcing least-privilege access controls, thereby limiting unauthorized access within the cloud environment.
Control: East-West Traffic Security
Mitigation: Aviatrix East-West Traffic Security would likely have limited the attacker's lateral movement by monitoring and controlling internal traffic, thereby reducing unauthorized access to additional resources.
Control: Multicloud Visibility & Control
Mitigation: Aviatrix Multicloud Visibility & Control would likely have detected and constrained unauthorized command and control channels, thereby reducing the attacker's ability to maintain persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: Aviatrix Egress Security & Policy Enforcement would likely have restricted unauthorized data exfiltration by controlling outbound traffic, thereby reducing the risk of sensitive data being transferred to external servers.
While Aviatrix CNSF could have limited the attacker's progression through earlier stages, the deployment of ransomware may still have occurred, potentially affecting critical data and disrupting operations.
Impact at a Glance
Affected Business Functions
- Customer Data Management
- Online Services
- Financial Transactions
Estimated downtime: N/A
Estimated loss: N/A
Potential exposure of sensitive customer data due to cyberattacks and extortion activities.
Recommended Actions
Key Takeaways & Next Steps
- Implement Zero Trust Segmentation to enforce least privilege access and limit lateral movement.
- Utilize East-West Traffic Security to monitor and control internal traffic, detecting unauthorized movements.
- Deploy Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- Establish Multicloud Visibility & Control to gain comprehensive insights across cloud environments.
- Integrate Threat Detection & Anomaly Response systems to identify and respond to suspicious activities promptly.