editorially independent. We may make money when you click on links
to our partners.
Learn More
A yearlong international crackdown has led to 30 arrests tied to “The Com,” a decentralized cybercrime collective accused of targeting children and teenagers across digital platforms.
Coordinated by Europol and involving law enforcement agencies from 28 countries, the operation — codenamed Project Compass — resulted in the arrest of 30 suspects, linked 179 additional individuals to the network, and partially identified 62 victims.
“Within The Com, group 764 is notorious for its recruitment and grooming tactics, as well as its levels of violence,” said Europol in its press release.
Launched in January 2025 and coordinated by Europol’s European Counter Terrorism Centre, Project Compass was designed to dismantle The Com (short for “Community”), a decentralized online collective described by Europol as a nihilistic extremist network.
The group operates across social media platforms, online gaming environments, messaging apps, and music streaming services — digital spaces where young users are highly active.
Over the course of the yearlong investigation, law enforcement agencies from 28 countries collaborated to identify suspects, share intelligence across borders, and directly safeguard four victims from ongoing exploitation.
A Decentralized and Hard-to-Disrupt Network
The case highlights the complexity of confronting loosely organized online collectives that blur the lines between cybercrime, extremist ideology, and child exploitation.
Unlike traditional criminal organizations that often have clear leadership structures, The Com functions as a network of interconnected subgroups operating across jurisdictions and digital ecosystems.
This decentralized model makes unilateral enforcement ineffective and requires coordinated multinational efforts to disrupt.
The Com’s Subgroups and Tactics
According to Europol, The Com comprises multiple subgroups with distinct but overlapping objectives. Offline Com promotes real-world violence, property damage, and extremist activity.
Cyber Com is linked to network intrusions and ransomware attacks targeting businesses and institutions.
(S)extortion Com focuses on coercing minors into producing explicit material and, in some cases, encouraging self-harm or suicide.
These branches illustrate how the network combines online manipulation with both financial and ideological motivations.
Subgroup 764 and Broader Criminal Links
One particularly notorious subgroup, known as 764, first surfaced publicly in 2021 and has been associated with grooming minors and using explicit content for blackmail within the network.
In April 2025, two alleged leaders of 764 — Leonidas Varagiannis and Prasan Nepal — were arrested and charged with operating an international child exploitation ring. Both individuals are reportedly facing potential life sentences.
Beyond exploitation activities, The Com has also been linked to high-profile ransomware incidents, including attacks against British retailers Marks & Spencer, Co-op, and Harrods in April 2025, as well as breaches involving Las Vegas casinos in September 2023.
This convergence of extremist messaging, online grooming, and financially motivated cybercrime reflects a broader trend in which decentralized digital communities evolve into multi-faceted threat actors operating across ideological and criminal domains.
Reducing Risk in Digital Communities
As online platforms continue to grow, so do the challenges facing young users and the organizations that support them.
Risks now span both social and technical domains, making it important to take a structured and balanced approach to security.
Protecting youth-facing environments involves more than content moderation; it also requires strong identity controls, ongoing monitoring, and clear response procedures.
- Monitor youth-facing platforms and internal systems for grooming patterns, coordinated harassment, extremist recruitment signals, and suspicious cross-platform activity.
- Strengthen identity security with phishing-resistant MFA, anomaly-based login detection, and strict least-privilege access controls.
- Deploy behavioral threat detection, advanced content moderation, and AI-assisted monitoring to identify sextortion, coercion, and exploitation attempts early.
- Implement zero trust network segmentation and ransomware resilience measures to limit lateral movement and reduce blast radius if intrusion occurs.
- Establish dedicated response teams and clear escalation pathways with law enforcement to address online exploitation and cybercrime incidents quickly.
- Participate in cross-industry threat intelligence sharing and monitor dark web communities to detect emerging subgroups and attack planning activity.
- Continuously validate defenses and test incident response plans through tabletop exercises and red team simulations to ensure preparedness for both cyber intrusions and online exploitation scenarios.
Collectively, these measures help organizations reduce risk, detect abuse early, and strengthen resilience against both cybercrime and online exploitation.
Confronting Decentralized Cybercrime
Project Compass demonstrates that addressing modern online threats requires sustained international coordination and a combination of investigative, technical, and preventative measures.
As decentralized digital collectives continue to blend grooming, extremism, and financially motivated cybercrime, organizations must adapt their security and safety strategies accordingly.
This evolving threat landscape is prompting organizations to adopt zero trust solutions that continuously verify users, devices, and activity rather than relying on assumed trust within their networks.
