"The Com" has been a significant cybersecurity threat for years, but law enforcement agencies are taking action against what Europol describes as an "extremist network" of hackers.
Recently, Europol announced the initial outcomes of "Project Compass," an international initiative that commenced in January 2025 to confront The Com and its extensive network of sub-groups. The operation has led to the arrests of 30 alleged offenders, with investigators identifying 179 members either fully or partially.
Project Compass is spearheaded by Europol's European Counter Terrorism Centre and involves cooperation with law enforcement agencies from 28 countries, including the United States, the United Kingdom, Canada, and various European Union member states. In addition to the arrests, the operation has identified and partially identified 62 victims and has provided support to four of them, according to Europol.
The Com, short for "The Community," is a loose assembly of English-speaking cybercriminals, primarily aged 13 to 25, who engage in various types of malicious activities through sub-groups such as Scattered Spider and Scattered Lapsus$ Hunters.
Europol explained that The Com utilizes social media platforms and messaging applications, along with online gaming and music streaming services, to recruit, radicalize, and exploit young individuals. Due to its decentralized structure, the collective and its sub-groups have been particularly challenging to disrupt.
Anna Sjöberg, head of Europol’s European Counter Terrorism Centre Project, stated, "These networks deliberately target children in the digital spaces where they feel most at ease. Compass allows us to intervene earlier, safeguard victims, and disrupt those who exploit vulnerability for extremist purposes. No country can address this threat alone, and through this cooperation, we are closing the gaps they try to hide in."
Project Compass Goals and Targets
Europol has provided limited information about Project Compass and its outcomes thus far. It remains unclear where and when the arrests occurred, the specific charges, and which sub-groups or threat campaigns the suspects were allegedly connected to.
However, Europol's operation details indicate that Project Compass targets "terrorism and violent extremism" along with threats to minors. One noted sub-group within The Com is identified as "764," which the US Department of Justice describes as a "nihilistic violent extremist (NVE) network." In April of last year, US authorities arrested the two alleged leaders of 764.
It is uncertain if these arrests were part of Project Compass. Dark Reading reached out to Europol for further details about the operation, but the agency did not respond by the time of publication.
Europol categorizes The Com into three distinct areas of activity: cyber activity, which includes targeting online commerce and infrastructure through data breaches and ransomware; offline activity, which involves physical damage to property, harm to individuals, and acts of terrorism promoting a violent nihilistic worldview; and extortion/sextortion activity, where members extort minors to engage in online and offline sex crimes, among other illegal actions.
Europol noted that the sub-group 764 is "notorious for its recruitment and grooming tactics" along with its violent behavior. This group typically targets minors, coercing them into participating in violent acts and producing explicit content, including child sexual exploitation material (CSAM). Members often use this material to blackmail victims.
Has Project Compass Made an Impact?
While the number of arrests is substantial, The Com has demonstrated resilience against aggressive law enforcement measures. In 2024, US authorities arrested and charged several individuals accused of being prominent members of The Com and sub-groups like Scattered Spider.
Despite these actions, the collective's hacking activities have shown no signs of slowing down in 2025. In fact, various sub-groups have been linked to several high-profile threat campaigns, including attacks on the airline industry by Scattered Spider and breaches of Salesforce instances by Scattered Lapsus$ Hunters.
Europol stated that Project Compass will continue its efforts to establish a reliable network of member states and third countries to assist in investigations into The Com. The initiative aims to promote the exchange of information, intelligence, and effective strategies among partner organizations, as well as support ongoing investigations by specialized law enforcement units focused on counter-terrorism, CSAM, and organized crime.
