Grew up in The COM: Evolution and correlation of novel eCrime tradecraft from Scattered Lap$us ShinyHunters and friends

Sajal Thomas | Ryan Fyffe

Financially motivated adversaries have completed a fundamental shift from endpoint-centric intrusions to identity and SaaS-only campaigns that achieve full mission objectives without ever touching a managed host. Drawing on front-line incident response engagements and eighteen months of structured adversary capability assessments, this talk traces that evolution through the operations of SCATTERED SPIDER, COM-adjacent groups like Scattered Lap$us ShinyHunters and others, whose combined tradecraft represents the current state of the art in eCrime. We walk through the forensic reality of investigating breaches where no traditional evidence trail exists and identify structural challenges defenders face regardless of their vendor stack or maturity level. The session closes with actionable guidance on where to invest limited budgets, which identity chokepoints actually disrupt these kill chains, and why deploying more endpoint agents is no longer a sufficient strategy.