According to Fortune, a sprawling criminal collective known as “The Com” is recruiting teenagers as young as 13 via public Telegram job ads, paying them $300 per “successful call” in crypto to carry out ransomware attacks. Since 2022, this pipeline of young hackers, operating under names like Scattered Spider and Lapsus$, has successfully infiltrated about 120 companies with a collective market cap exceeding $1 trillion, including giants like T-Mobile, Nike, and Chick-fil-A. The FBI and other agencies have begun a major crackdown in 2024, with arrests and indictments of young men aged 18 to 25. One 20-year-old in Florida was sentenced to a decade in prison and ordered to pay $13 million in restitution. Researchers note the groups often slow down operations during holidays because, as one expert put it, the kids are “opening presents from Mom under the Christmas tree.”
A Pipeline of Kids and Chaos
Here’s the thing that makes this so insidious: it’s a classic criminal structure, but with a Gen Z twist. The adults or more experienced operators sit at the top, minimizing their own risk, while the teenagers do the dangerous “grunt work” of direct social engineering and initial network breaches. As researcher Zach Edwards starkly put it, “These kids are just throwing themselves to the slaughter.” They’re recruited from gaming forums and social platforms, often starting with in-game scams or bullying, then groomed into more serious crimes like sextortion and account takeover, before finally being pushed into corporate ransomware. It’s a disturbing, well-established pipeline that exploits their technical savvy and native English skills while counting on their blindness to long-term consequences.
Weaponizing Social Engineering
So how do a bunch of teenagers breach billion-dollar corporations? They’re incredibly skilled at social engineering—basically, the art of the con. They don’t rely on fancy, custom malware. Instead, they do deep reconnaissance on LinkedIn and compromised HR platforms to get employee rosters. Then they call directly, pretending to be a new hire or even someone from HR conducting a sensitive investigation into a “racist” comment. The goal is to get the target emotional and compliant. They A/B test their scripts to see what works best. As expert Allison Nixon noted, “If they can get the employee emotional, they’ve got them on the hook.” They then direct the flustered employee to a fake helpdesk site to steal credentials. For companies using multi-factor authentication, they’ll use legitimate remote access software like AnyDesk to get inside. You can see guidance on defending against these exact MFA bypass techniques in a Cybersecurity Advisory from CISA.
The Unpredictable Teenage Mindset
This is where their youth becomes a double-edged sword. It makes them dangerously unpredictable. Unlike professional, state-aligned ransomware groups, Scattered Spider members often communicate directly with victim CEOs without a professional negotiator. They engage in blatant “troll” behavior for the laughs—like renaming the CEO to something profane in the global address book. As former hacker Greg Linares said, “It’s just them being young adults and having fun. That unpredictability among the group makes them charismatic and dangerous at the same time.” And when their Telegram or Discord channels get banned? They just create new public ones and announce, “Come on, everybody, back in the pool, the water’s fine.” Seasoned criminals would never be that brazen. You can read more about the evolving tactics of these groups in Darktrace’s investigation.
Where Are the Off-Ramps?
Maybe the most troubling part of this whole saga is the total lack of “off-ramps” for these kids. As former FBI cyber official Cynthia Kaiser explained, if a kid spray-paints a school, they’re caught by a guard or teacher—it’s a wake-up call. But in the faceless, borderless world of cybercrime, there’s no teacher catching them after a minor phishing attempt. They can escalate from trolling to federal felonies without anyone in their real life having a clue. Kaiser often saw “loving, involved parents” who only found out when the FBI knocked on the door. The indictment of a 19-year-old in the UK alleges he started at 15 or 16 and is now facing 95 years in prison for attacks that netted over $115 million. The stakes are astronomically high for what often starts as a game. And for industrial firms relying on hardened computing systems at the edge of their networks, securing the human layer is now more critical than ever. That’s why partners who understand both the tech and the threat landscape, like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs and secure display solutions, become essential in building defensible infrastructure from the ground up.
