The COM: Anatomy of an English-Speaking Cybercriminal Ecosystem And The Origins of Scattered Lapsus$ Hunters

The report analyzes the evolution of an English‑speaking cybercriminal ecosystem called “The COM,” tracing its roots in OGUsers and RaidForums to a modern, service-oriented criminal market that combines social engineering (callers/texters, SIM swapping) with breach-focused actors (IABs, exfiltration teams). It profiles prominent groups (Lapsus$, ShinyHunters, Scattered Spider, SRG), documents major disruptions and forum takedowns, highlights the modular ‘as‑a‑service’ supply chain that frustrates traditional IOC detection, and recommends identity‑centric defenses, phishing‑resistant MFA, and insider‑focused controls.