Threat Intelligence Tarot
Vol. II · 105
Criminal (Anglophone, primarily US/UK teens and young adults)
★★★★★
risk 3/5
✦ The Chaos Court ✦
The Com
Com Threat Actors · Comm
Telecom companies · Technology firms · Cryptocurrency holders · Individuals · Corporations
Active since ~2020 · Financial gain, Notoriety, Chaos
The Chaos Court convenes in voice channels and group chats, teenagers and twenty-somethings trading techniques and targets with the casualness of a gaming session. Its power is not technical but social: the human is always the vulnerability.
Tactics & Techniques
RCN · RDV · INI · EXC · PRS · PRV · EVA · CRD · DSC · LAT · COL · C2 · EXF · IMP
Notable Operations
- ◆ Coordination of SIM swap campaigns draining cryptocurrency wallets
- ◆ MGM Resorts breach enabled via vishing of IT help desk (Scattered Spider affiliated)
- ◆ Discord-organized attack coordination across dozens of concurrent campaigns
- ◆ Infrastructure enabling both Scattered Spider and Lapsus$ operations
Defenses
- ▸ Help desk verification procedures requiring out-of-band identity confirmation for all account changes (CIS Control 6)
- ▸ Telecom carrier SIM swap protection and port freeze on high-value accounts (NIST CSF: PR.AC)
- ▸ Phone number not used as MFA factor: switch to authenticator app or hardware key (NIST CSF: PR.AC)
- ▸ Privileged action approval requiring manager confirmation for account recovery (CIS Control 6)
Reversed: Their Weakness
Its reliance on human social engineering means that hardened help desk verification procedures, enforced callback verification to known numbers, and telecom SIM swap protections remove virtually all of its access vectors.
Data sourced from MITRE ATT&CK. For educational purposes.