Collaborating Cybercrime Collectives Wreak Havoc on Businesses
Collaboration Apparent Amongst Three Prominent Cybercrime Groups
A new alliance among three notorious cybercrime collectives - Scattered Spider, ShinyHunters, and Lapsus$ - has been causing havoc for businesses across various sectors. Known as "The Com," this loose alliance is made up primarily of English-speaking miscreants operating on platforms such as Telegram and Discord.
Members and Affiliations
- Scattered Spider: This group has made a name for itself by using social engineering tactics to gain initial access to high-value targets, particularly in retail, insurance, and aviation sectors. They are considered an English-speaking youth hacking collective.
- ShinyHunters: Originating as a hack-and-leak operation in 2020, ShinyHunters has since expanded into extortion and large-scale data theft, targeting companies like AT&T Wireless, Microsoft, Santander, and Ticketmaster. They are linked to notorious leak forums like BreachForums.
- Lapsus$: Known for extortion and ransomware attacks, Lapsus$ operates with a strong reputation for disrupting enterprises through data theft and threatening public disclosures. They share operational communication channels with the other two groups.
Nature of Their Collaboration
The groups cooperate in a coordinated cybercrime alliance called “The Com,” as evidenced by the creation and usage of joint Telegram communication channels such as “scattered lapsu$ hunters – The Com HQ SCATTERED SP1D3R HUNTERS.” These channels feature data leaks, warnings, taunts, sale offers for stolen data, and promotion of a ransomware-as-a-service platform named “SH1NYSP1D3R.”
Operationally, Scattered Spider gains initial access to major enterprises by exploiting trusted enterprise SaaS tools like Salesforce and Okta. Following this, ShinyHunters conducts data theft and extortion campaigns on a larger scale. Their methods exploit known weaknesses such as weak helpdesk identity verification processes and poor multi-factor authentication enforcement.
Summary Table
| Group | Key Role | Notable Tactics | Known Affiliations |
|---------------|---------------------------------|---------------------------------------|--------------------------------|
| Scattered Spider | Initial access via social engineering | Evolving techniques, use of ransomware (e.g. DragonForce), targeting retail/aviation/insurance | English-speaking youth collective, The Com |
| ShinyHunters | Large-scale data theft, extortion | Hack-and-leak origins, cloud account exploitation, ransomware platform “SH1NYSP1D3R” | BreachForums, The Com |
| Lapsus$ | Extortion, ransomware attacks | Data leaks, ransom threats, collaboration on communication channels | The Com alliance, Telegram groups |
In conclusion, these groups have merged operationally under “The Com” alliance, combining their complementary cybercrime capabilities to enhance data theft, coordinate extortion campaigns, and increasingly target financial institutions as well as traditional enterprise victims. Companies should train their help desk staff to apply strong identity verification processes, and should enforce phishing-resistant multifactor authentication, to prevent social-engineering attacks like those used by Scattered Spider.
- The collaboration among the cybercrime collectives Scattered Spider, ShinyHunters, and Lapsus$, operating under the alliance "The Com", has risen to prominence through disruptive techniques such as ransomware and cloud-based data theft.
- These groups are active on platforms like Telegram and Discord, where they coordinate their activities and promote ransomware-as-a-service platforms like "SH1NYSP1D3R".
- Enterprises at risk from this alliance should focus on strengthening their security measures, particularly in databases, by enforcing phishing-resistant multifactor authentication and improving helpdesk identity verification processes.
- AI and other advanced technologies can play a crucial role in enterprise cybersecurity, helping businesses detect and respond to threats like those posed by "The Com" in a timely and effective manner.