In 2023, a significant cyberattack targeted two leading Las Vegas casinos, including MGM Resorts. What started as a headline-grabbing event soon revealed a far more disturbing trend—an alliance between English-speaking hackers from the U.S. and U.K. and Russian ransomware gangs. These young hackers are not only engaging in cybercrime but are also involved in harmful online communities that target vulnerable teenagers, leading to real-world consequences such as physical and emotional harm.
The MGM Breach and Social Engineering
In September 2023, the Russian ransomware group ALPHV (also known as BlackCat) claimed responsibility for an attack that shut down MGM Resorts’ operations. A 17-year-old hacker from the U.K. involved in the breach disclosed that the attack was initiated by a simple social engineering trick—one of the hackers posed as a staff member and convinced MGM’s tech support to reset a password, allowing access to their systems.
This hacking group, called “Scattered Spider” by CrowdStrike, operates across Telegram and Discord servers, forming part of a larger cybercriminal network known as “The Com.” Within these online communities, hackers collaborate, boast about their attacks, and engage in malicious activities to gain status.
Financial Crime Meets Real-World Violence
Although The Com appears to focus on financial cybercrime, it harbors more dangerous elements. Some of its members are involved in real-world violent activities, often driven by these online interactions. Despite the public spectacle that accompanied Scattered Spider’s actions, including CrowdStrike’s display of action figures at a cybersecurity conference, the truth behind these hackers goes far deeper into criminality.
One of the key figures in this network, known online as “@Holy,” took credit for participating in the MGM attack. However, @Holy’s activities extended far beyond ransomware. In addition to holding high-value Telegram usernames like @bomb and @nazi, this individual was connected to online groups that exploit and extort teenagers. These groups often push victims into self-harm and violent acts, documenting the abuse for further manipulation.
Harm Groups Targeting the Vulnerable
Among the most notorious of these groups is “764,” which preys on children through platforms like Discord, Minecraft, and Telegram. These cybercriminals engage in tactics such as sextortion, not for monetary gain but to exercise control and humiliation. In many cases, their ultimate goal is radicalizing young victims and pushing them toward violence. Other groups involved in these horrific actions include CVLT, Court, and Leak Society, all of which have been linked to incidents involving self-harm, violence against family members, and even suicide.
Arrests and Ongoing Investigations
Authorities arrested @Holy in the U.K. in July 2024, unveiling a history of involvement with other hacking collectives like LAPSUS$, known for attacks on tech giants such as Microsoft, Samsung, and T-Mobile. @Holy’s arrest highlighted the ongoing danger posed by these individuals, who blur the line between cybercrime and personal harm.
In another case, a group led by a hacker known as “@Judische” (also referred to as “Waifu”) stole massive amounts of customer data from companies like AT&T and Ticketmaster. This group, tracked by Mandiant as UNC5537, was involved in SIM-swapping, a tactic used to hijack phone numbers and intercept calls and texts. The group’s global reach includes members from North America and Turkey, such as John Erik Binns, who was previously indicted for a breach at T-Mobile.
The Blending of Cybercrime and Real-World Harm
One of the most troubling cases emerged in 2024 when two American men, Sagar Singh and Nicholas Ceraolo, pleaded guilty to hacking a Drug Enforcement Agency (DEA) portal. They used their access to stalk and harass individuals. Both men were part of the SIM-swapping community and had a history of fabricating law enforcement requests to obtain sensitive victim information.
The leader of ViLE, another harm group, runs a doxing forum where personal details of victims are bought and sold, leading to ongoing harassment and swatting incidents. This blend of online harassment and real-world violence represents a growing and alarming trend in cybercrime.
A New Breed of Criminals
As cybercriminals increasingly engage in both financial crime and physical harm, these online networks are becoming a breeding ground for a dangerous new wave of hackers. The Com, along with its associated groups, poses a much broader threat than financial losses—its members are committed to inflicting psychological and physical harm on victims. Without serious intervention, these groups will continue to evolve, bringing their blend of cybercrime and real-world violence to more vulnerable targets.
How Can Netizen Help?
Netizen ensures that security gets built-in and not bolted-on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.
We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type.
Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.
Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans.