“The Com” has been a persistent cybersecurity threat for years, but law enforcement agencies are fighting back against what Europol calls an “extremist network” of hackers.
Last week, Europol revealed the initial results of “Project Compass,” an ongoing international operation that launched in January 2025 to tackle The Com and its sprawling network of sub-groups. According to Europol, the operation has so far resulted in the arrests of 30 alleged perpetrators, with 179 members fully or partially identified by investigators.
Notably, Project Compass is led by Europol’s European Counter Terrorism Centre and features partnerships with law enforcement agencies from 28 countries, including the US, the United Kingdom, Canada, and several European Union (EU) member states. Along with the arrests and identification of alleged members, the operation also identified and partially identified 62 victims and “safeguarded” four, according to Europol.
The Com, short for “The Community,” is a loose collective of English-speaking cybercriminals, primarily between the ages of 13 to 25, that engage in a variety of malicious activity as part of sub-groups such as Scattered Spider and Scattered Lapsus$ Hunters.
Europol explained The Com uses social media platforms and messaging applications, as well as online gaming and music streaming platforms, to “recruit, radicalise and exploit young people.” And because it operates with a decentralized structure, the collective and its sub-groups have proven particularly difficult to disrupt.
“These networks deliberately target children in the digital spaces where they feel most at ease,” said Anna Sjöberg, head of Europol’s European Counter Terrorism Centre Project, in a statement. “Compass allows us to intervene earlier, safeguard victims and disrupt those who exploit vulnerability for extremist purposes. No country can address this threat alone — and through this cooperation, we are closing the gaps they try to hide in.”
Project Compass Goals and Targets
Europol provided few details about Project Compass and its results thus far. It’s unclear where and when the arrests were made, what the charges were, and which sub-groups or threat campaigns suspects were allegedly connected to.
However, Europol’s website for the operation states that Project Compass targets “terrorism and violent extremism” along with threats to minors. The website cites one known sub-group within The Com known as “764,” which the US Department of Justice describes as a “nihilistic violent extremist (NVE) network.” Last April, US authorities arrested the two alleged ringleaders of 764.
It’s unclear if these arrests were part of Project Compass. Dark Reading contacted Europol for more information about the operation but the agency did not respond at press time.
The initial results of Project Compass include 30 arrests of alleged members of “The Com.” Source: Europol
Europol splits The Com into three distinct groups of activity: cyber activity, which includes targeting online commerce and infrastructure with data breaches and ransomware; offline activity, which includes physical damage to property, harm to other persons, and “acts of terrorism to promote a violent nihilistic worldview”; and extortion/sextortion activity, in which members extort minors to commit online and offline sex crimes, among other illegal activity.
Europol noted that 764 is “notorious for its recruitment and grooming tactics” along with its violence. The sub-group typically targets minors and coerces them into participating in violent acts and producing explicit content, including child sexual exploitation material (CSAM). Members often use the materials to blackmail victims, according to Europol.
Has Project Compass Made an Impact?
While the number of arrests is significant, The Com has shown that it can withstand aggressive law enforcement actions. In 2024, US authorities arrested and charged several individuals accused of being prominent members of The Com and sub-groups such as Scattered Spider.
However, the collective’s hacking exploits showed no signs of slowing down in 2025. In fact, sub-groups were tied to several high-profile threat campaigns, including Scattered Spider’s attacks on the airline industry and Scattered Lapsus$ Hunters’ breaches of enterprises Salesforce instances.
Europol said Project Compass will continue to work toward building “a reliable network of Member States and Third Countries” to assist with investigations into The Com; promote the exchange of information, intelligence and effective strategies among partner organizations; and assist with current investigations under specialized law enforcement units, such as those focused on counter-terrorism, CSAM, and organized crime.
