Collaborating Cybercrime Collectives Wreak Havoc on Businesses
Collaboration Apparent Amongst Three Prominent Cybercrime Groups
A new alliance between three notorious cybercrime collectives - Scattered Spider, ShinyHunters, and Lapsus$ - has been causing havoc for businesses across various sectors. Known as "The Com," this loose alliance is made up of primarily English-speaking miscreants operating on platforms such as Telegram and Discord.
Members and Affiliations
- Scattered Spider: This group has made a name for itself by using social engineering tactics to gain initial access to high-value targets, particularly in retail, insurance, and aviation sectors. They are considered an English-speaking youth hacking collective.
- ShinyHunters: Originating as a hack-and-leak operation in 2020, ShinyHunters has since expanded into extortion and large-scale data theft, targeting companies like AT&T Wireless, Microsoft, Santander, and Ticketmaster. They are linked to notorious leak forums like BreachForums.
- Lapsus$: Known for extortion and ransomware attacks, Lapsus$ operates with a strong reputation for disrupting enterprises through data theft and threatening public disclosures. They share operational communication channels with the other two groups.
Nature of Their Collaboration
The groups cooperate in a coordinated cybercrime alliance called “The Com,” as evidenced by the creation and usage of joint Telegram communication channels such as “scattered lapsu$ hunters – The Com HQ SCATTERED SP1D3R HUNTERS.” These channels feature data leaks, warnings, taunts, sale offers for stolen data, and promotion of a ransomware-as-a-service platform named “SH1NYSP1D3R.”
Operationally, Scattered Spider gains initial access to major enterprises by abusing trusted enterprise SaaS platforms such as Salesforce and Okta. ShinyHunters then conducts data theft and extortion campaigns at a larger scale. Their methods rely on known process weaknesses rather than software flaws: weak helpdesk identity verification and poor multi-factor authentication enforcement.
Summary Table
| Group | Key Role | Notable Tactics | Known Affiliations |
|---|---|---|---|
| Scattered Spider | Initial access via social engineering | Evolving techniques, use of ransomware (e.g. DragonForce), targeting retail/aviation/insurance | English-speaking youth collective, The Com |
| ShinyHunters | Large-scale data theft, extortion | Hack-and-leak origins, cloud account exploitation, ransomware platform “SH1NYSP1D3R” | BreachForums, The Com |
| Lapsus$ | Extortion, ransomware attacks | Data leaks, ransom threats, collaboration on communication channels | The Com alliance, Telegram groups |
In conclusion, these groups have merged operationally under “The Com” alliance, combining their complementary cybercrime capabilities to enhance data theft, coordinate extortion campaigns, and increasingly target financial institutions as well as traditional enterprise victims. Companies should train their help desk staff to apply strong identity verification before resetting credentials or MFA factors, and should require phishing-resistant multifactor authentication, to blunt social-engineering attacks like those used by Scattered Spider.