The COM: How a Cybercrime Subculture Became a Global Threat

Over the past decade, the English-speaking cybercriminal community known as “The COM” has transformed from a niche group trading rare social media usernames (OG handles) into a sophisticated, service-driven underground economy orchestrating global attacks.


From OG Handles to Global Cybercrime Networks

Early forums like Dark0de and RaidForums laid the groundwork for today’s threat actors, fostering skills in data breaches, malware development, and reputation-based trading. Communities such as OGUsers popularized social engineering and SIM-swapping, creating a launchpad for a new generation of attackers—“callers,” “texters,” and credential brokers.

Law enforcement takedowns, including the 2022 seizure of RaidForums, triggered a Migration Effect, blending social manipulation expertise with technical hacking skills. Today, The COM thrives in invite-only Telegram channels, Discord servers, and decentralized networks, making it highly resilient to disruption.


Tactics and Threat Actors

The COM’s backbone is the human element. Attackers deploy advanced social engineering, vishing, phishing, SIM swapping, and insider recruitment to gain privileged access.

Notable groups include:

  • Lapsus$ – Leveraged social engineering for access and public spectacle, live-streaming breaches.
  • ShinyHunters – Industrialized data exfiltration, monetizing stolen data via as-a-service models.
  • Scattered Spider (UNC3944) – Pioneered hybrid attacks mixing voice phishing with persistent internal access, enabling ransomware and extortion campaigns.

The Modern Cybercrime Supply Chain

The COM now operates like a professionalized supply chain, with specialized roles:

  • Callers (voice phishers)
  • Phishing kit developers
  • SIM swappers
  • Initial access brokers
  • Ransomware affiliates
  • Money launderers

This modular approach mirrors legitimate business ecosystems, enabling rapid scaling and innovation while making traditional indicators of compromise nearly obsolete. Attackers leverage trusted cloud hosting, encrypted communication, and short-lived infrastructure to evade detection.

Collaboration with Russian-speaking syndicates on platforms like Exploit.in has further strengthened The COM, granting access to advanced malware and robust laundering networks.


Defending Against The New Frontier

As technical and social attack vectors converge, the weakest link remains the human perimeter. Organizations must adopt:

  • Identity-centric defenses
  • Phishing-resistant MFA
  • Robust helpdesk protections
  • Continuous insider threat monitoring
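As an added illustration (not part of the original article), the sketch below shows what an identity-centric helpdesk check can look like: rather than matching on infrastructure indicators, it correlates a helpdesk-initiated MFA reset with a new factor enrollment and a privileged sign-in from that same device shortly afterwards. The event schema, field names, sample events, and the 30-minute window are all assumptions constructed for this example and do not come from any specific identity provider.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical identity-log schema
# (field names and values are assumptions made for this example).
EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "type": "helpdesk_mfa_reset", "actor": "hd-agent-7"},
    {"ts": "2024-05-01T09:04:00", "user": "alice", "type": "mfa_enroll", "device": "dev-new-1"},
    {"ts": "2024-05-01T09:06:00", "user": "alice", "type": "signin", "device": "dev-new-1", "privileged": True},
    {"ts": "2024-05-01T10:00:00", "user": "bob", "type": "mfa_enroll", "device": "dev-b2"},
    {"ts": "2024-05-01T10:02:00", "user": "bob", "type": "signin", "device": "dev-b2", "privileged": True},
    {"ts": "2024-05-01T11:00:00", "user": "carol", "type": "helpdesk_mfa_reset", "actor": "hd-agent-3"},
    {"ts": "2024-05-01T15:30:00", "user": "carol", "type": "mfa_enroll", "device": "dev-c9"},
    {"ts": "2024-05-01T15:31:00", "user": "carol", "type": "signin", "device": "dev-c9", "privileged": True},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window; tune to your environment

def find_reset_chains(events, window=WINDOW):
    """Flag: helpdesk MFA reset -> new factor enrolled -> privileged sign-in
    from that newly enrolled device, all within `window` of the reset."""
    alerts = []
    pending = {}  # user -> state of the most recent helpdesk reset
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        user, kind = ev["user"], ev["type"]
        st = pending.get(user)
        if kind == "helpdesk_mfa_reset":
            pending[user] = {"reset": ts, "actor": ev["actor"], "device": None}
        elif st and ts - st["reset"] > window:
            del pending[user]  # reset is too old to correlate
        elif st and kind == "mfa_enroll":
            st["device"] = ev["device"]
        elif (st and kind == "signin" and ev.get("privileged")
              and st["device"] and ev.get("device") == st["device"]):
            alerts.append({"user": user, "helpdesk_actor": st["actor"],
                           "device": st["device"],
                           "minutes_after_reset": (ts - st["reset"]).seconds // 60})
            del pending[user]
    return alerts

if __name__ == "__main__":
    for alert in find_reset_chains(EVENTS):
        print(alert)
```

Recording the helpdesk agent in each alert also lets the same data feed insider threat monitoring, for example by reviewing agents whose resets repeatedly precede flagged sign-ins.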

Cybercrime is now both a business and a performance, targeting systems and people alike. The only effective defense is a blend of resilience, awareness, and adaptive response.
