In a highly unusual marriage in the cybercrime underground, English-speaking members of “the Comm,” a wide-spanning entity that includes SIM swappers and physically violent criminals, are working with the Eastern European ransomware group called ALPHV, two cybersecurity industry sources told 404 Media. 404 Media granted the sources anonymity to speak more candidly about developments in the cybercrime ecosystem. ALPHV is connected to the recent hack of MGM casinos.
The unlikely bedfellows make powerful partners in crime. Members of the Comm can be highly adept at social engineering, using their native English language skills to take over targets’ phone numbers or sweet-talk their way into corporate systems. But they are also unusually audacious in their hacks, showing off their wealth or using threats of violence against targets that other, more stealthy hackers may avoid. Combine that brazenness with the highly professionalized world of Eastern European ransomware-as-a-service, and you have a new alliance that is wreaking havoc across all sorts of industries.
Multiple cybersecurity firms have published research on a loosely defined entity known as “Scattered Spider,” with researchers also using the terms “UNC3994” and “0ktapus” to label similar clusters of activity. On Wednesday, Microsoft published its own blog post which laid out some of the techniques used by what the company calls “Octo Tempest,” which Microsoft says “overlaps” with research into Scattered Spider. Scattered Spider has been widely reported as an entity involved in the hack and subsequent ransom of MGM casinos last month, which led to over $100 million in damages. The ransomware side of the operation—that is, the software used to lock down MGM computers—was from ALPHV, an Eastern European ransomware group.