Europol recently shared the initial outcomes of Project Compass, an international collaborative effort launched in January 2025 to address the decentralized network known as "The Com." According to Europol, the operation has led to the arrests of 30 alleged participants, with investigators fully or partially identifying 179 individuals associated with the network.
Led by Europol’s European Counter Terrorism Centre, Project Compass involves law enforcement partnerships across 28 countries, including the US, the UK, Canada, and several EU member states. In addition to identifying alleged members, the operation located 62 affected individuals and successfully safeguarded four minors from further harm.
The Com, short for "The Community," is a loosely organized collective primarily composed of English-speaking individuals between the ages of 13 and 25. The network operates through various sub-groups, including those tracked by security researchers as Scattered Spider and Scattered Lapsus$ Hunters. Europol notes that the network utilizes social media, messaging applications, and gaming platforms to recruit and manipulate young people. Its decentralized structure has historically made the collective difficult to map and disrupt.
"These networks deliberately target children in the digital spaces where they feel most at ease," said Anna Sjöberg, head of Europol’s European Counter Terrorism Centre Project, in a public statement. "Compass allows us to intervene earlier, safeguard victims and disrupt those who exploit vulnerability for extremist purposes. No country can address this threat alone — and through this cooperation, we are closing the gaps they try to hide in."
Project Compass objectives and scope
Europol categorizes The Com's operations into three primary areas:
Cyber activity: Focuses on unauthorized access to commercial infrastructure, data exposure, and ransomware deployment.
Offline activity: Includes property damage, physical harm to others, and acts of violence.
Extortion and coercion: Involves the manipulation of minors into producing explicit content, participating in illegal activities, or self-harm.
Project Compass prioritizes identifying groups that present severe risks to public safety and minors. For example, the operation targets sub-groups like "764," which the US Department of Justice previously identified as a violent extremist network known for severe coercion tactics and the distribution of child sexual exploitation material (CSAM).
Alongside physical safety concerns, sub-groups like Scattered Spider remain a continuous focus for enterprise security teams. Despite previous law enforcement actions in 2024, including the arrests of alleged key members, these groups have maintained consistent operational tempos into 2025, regularly interacting with high-profile corporate environments.
Evolving security challenges and defensive steps
Recent security research indicates that sub-groups within The Com continue to refine their methodologies. Groups associated with Scattered Spider have demonstrated highly effective identity-centric techniques, focusing on social engineering, multi-factor authentication (MFA) manipulation, and the takeover of highly privileged accounts in cloud environments.
Analysts have also observed these actors forming strategic alliances with established ransomware-as-a-service (RaaS) operations, such as DragonForce. This shift allows the network to transition from customized, off-the-shelf tooling to more sophisticated malware kits. In response, security researchers have begun using specialized methods, such as synthetic data environments, to safely map the reconnaissance paths of these actors and gather intelligence on their tooling without risking real proprietary data.
Europol states that Project Compass will continue building a reliable network of international partners to allow intelligence exchange and support ongoing investigations into organized crime and counter-terrorism.
For security practitioners, the continued activity of these groups validates the need to prioritize identity protection. Organizations can strengthen their defensive posture by securing privileged access, monitoring for dynamic DNS anomalies, and implementing phishing-resistant authentication methods to mitigate the specific social engineering techniques these unauthorized actors favor.