
In evaluating capabilities for LLMs (AI) recently, I’m looking at the viability of creating more content with them. I’m explicitly calling out where I do; aside from my writing style, I’m also keen to show the pros and cons. Do LLMs replace humans? Not from my experience so far. I’ve been looking at combined physical + digital attacks recently and the associated threat classes… I’m trying to avoid the word group or gang, because collectives are slightly different and are dynamic, almost mission-focused if you will.
Cyber Threat Intelligence Report: The Com, 764, and Associated Groups
Executive Summary
This report examines “The Com” (The Community), its subgroup 764, and associated groups like Scattered Spider, which collectively pose severe threats to vulnerable populations, especially minors. These decentralized networks operate on platforms such as Discord, Telegram, Roblox, and Minecraft, using cybercriminal tactics to perpetrate child sexual exploitation, extortion, self-harm coercion, and violent extremism. The report details their tactics, techniques, and procedures (TTPs), target demographics, and mitigation strategies to counter these evolving threats.
Background
“The Com” is a loosely organized, global network of cybercriminals and extremists, encompassing subgroups like 764, CVLT, Harm Nation, 676, Kaskar, Leak Society, H3ll, and the cybercrime syndicate Scattered Spider. The 764 network, founded in 2021 by Bradley Chance Cadenhead in Stephenville, Texas, is classified as a “tier one” terrorism threat by the FBI and a violent extremist network by the U.S. Department of Justice and the Royal Canadian Mounted Police. These groups target minors aged 8-17, particularly those with mental health vulnerabilities, exploiting them through sextortion, doxxing, and coercion into self-harm and animal cruelty. Scattered Spider, linked to The Com, is known for sophisticated phishing, data theft, and ransomware attacks, often targeting corporate entities but also collaborating with 764 in shared criminal ecosystems.
Threat Actor Profile
Name: The Com / 764 Network / Scattered Spider
Origin: Decentralized, with significant activity in the United States, Canada, Europe, Australia, and beyond.
Motivations: Ideological violent extremism, sexual gratification, financial gain (especially for Scattered Spider), social status, and chaos creation. Some actors are influenced by nihilistic or satanic ideologies, with ties to the Order of Nine Angles (O9A).
Key Figures: Bradley Chance Cadenhead (764 founder), Angel Almeida, Baron Martin, Leonidas Varagiannis (“War”), Prasan Nepal (“Trippy”), and Scattered Spider members like those charged in November 2024 for phishing schemes.
Tactics, Techniques, and Procedures (TTPs)
The Com, 764, and Scattered Spider employ advanced cybercriminal tactics, including:
- Social Engineering: Grooming minors by posing as peers or support figures in gaming communities (e.g., Roblox, Minecraft) or fake suicide prevention chats on Telegram.
- Sextortion and CSAM Production: Coercing victims to produce child sexual abuse material (CSAM) and self-harm content, archived in “LoreBooks” for blackmail.
- Doxxing and Swatting: Using IP grabbing and doxxbins to expose personal information or orchestrate real-world harassment.
- SIM Swapping and IP Grabbing: Stealing phone numbers or IP addresses to facilitate extortion.
- Phishing and Ransomware (Scattered Spider): Conducting phishing campaigns and deploying ransomware to steal data and extort organizations, with ties to The Com’s broader network.
- Cross-Platform Operations: Leveraging Discord, Telegram, and gaming platforms for recruitment, grooming, and extortion.
Critical TTP: A guide titled “The Bible,” shared by the 6996 subgroup on Telegram, details ATM skimming, IP grabbing, and grooming techniques, indicating a structured approach to criminal activities.
Target Demographics
Primary targets are minors aged 8-17, often female, with vulnerabilities such as depression, eating disorders, or suicidal ideation. Victims are lured from gaming platforms, social media, or mental health communities. The FBI notes victims as young as 9, with threat actors exploiting trust to escalate harmful behaviors. Scattered Spider targets corporate entities but collaborates with 764 to exploit minors in shared criminal networks.
Impact and Harms
The activities of The Com, 764, and Scattered Spider have severe consequences, including:
- Physical and Psychological Harm: Victims are coerced into self-harm (e.g., cutting “cutsigns”), animal cruelty, and livestreamed suicide attempts.
- Real-World Violence: Incidents include murders, kidnappings, and planned mass casualty events. For example, a 764 member in Spain threatened a mass shooting and bombing in Valencia in February 2025.
- CSAM Proliferation: Thousands of children have been victimized, with CSAM circulated within the network.
- Financial and Data Loss (Scattered Spider): Corporate victims face significant financial losses and data breaches due to phishing and ransomware attacks.
- Societal Impact: The normalization of violence and extremism threatens community safety and digital trust.
Law Enforcement Response
Global law enforcement has intensified efforts to dismantle these networks:
- FBI and DoJ: Arrests include Baron Martin (2024), Bradley Cadenhead, Leonidas Varagiannis, Prasan Nepal, and five Scattered Spider members (2024). Project Safe Childhood enhances victim support.
- International Efforts: Arrests in Italy, Spain, Germany, Australia, and Greece for 764-related crimes, including terrorism and child pornography.
- Intelligence Sharing: The Joint Regional Intelligence Center and Central California Intelligence Center have produced reports on The Com’s tactics.
Mitigation Recommendations
To counter these threats, the following measures are recommended:
- Platform Moderation: Social media and gaming platforms must enhance monitoring of communities related to gore, self-harm, and extremism, with improved cross-platform collaboration via initiatives like the Tech Coalition’s Lantern program.
- Parental Awareness: Educate parents on digital literacy and warning signs, such as sudden behavioral changes or unexpected packages (e.g., razor blades sent by 764 members).
- Victim Support: Strengthen reporting mechanisms like the National Center for Missing and Exploited Children’s CyberTipline and the Take It Down service.
- Cybersecurity Measures: Implement detection for SIM swapping, IP grabbing, phishing, and ransomware tools, and educate users on digital security practices.
- Community Collaboration: Foster information sharing among law enforcement, tech companies, and cybersecurity professionals to disrupt these networks.
Conclusion
The Com, 764, and associated groups like Scattered Spider represent a hybrid threat combining cybercrime, child exploitation, and violent extremism. Their decentralized nature and use of mainstream platforms make them challenging to combat. Coordinated efforts across law enforcement, technology companies, and communities are essential to protect vulnerable populations and disrupt these networks. Continuous monitoring and proactive intelligence sharing will be critical to mitigating this evolving threat.
Dynamic threat actors who are highly motivated, skilled, resourceful, without morals, who cross digital and physical boundaries attacking both your systems and staff (and potentially supply chain) sound like something out of Hollywood. Unfortunately, this isn’t so, and whilst I’m aware of say ~100 cyber incidents related to Scattered Spider, the reality is this threat class exists, and dare I say it, most organisations are not currently well placed to defend against this class of threat. That’s not to say they can’t be defended against, but I believe it requires a different mindset, a different set of capabilities and a real laser focus on training and practising detection and response to scenarios you might not have felt comfortable including in scope (due to scarcity/low likelihood). This does, however, require some level of thinking about your business profile and the likelihood of being targeted by a threat class like this. Not everyone needs to worry heavily about this (that’s my belief currently), but if you fit the target profile you probably want to consider challenging your assumptions and daring to improve your defences.