Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CL-CRI-1116 / BlackFile overlap with The Com

Threat Actor Meta
First reported
Last updated
Happening score
H score 15
1 unique sources, 1 articles

Summary

Hide ▲

Researchers linked CL-CRI-1116 to overlapping labels including BlackFile, UNC6671, and Cordial Spider, suggesting the extortion cluster sits inside a broader The Com-associated ecosystem. That attribution shift matters because it changes how defenders and investigators map the operators behind the retail and hospitality targeting. The overlap also suggests multiple public names may describe related parts of the same criminal network rather than separate groups.

Related Happenings

BlackFile vishing extortion campaign targeting retail and hospitality organizations

Campaign
First: 24.04.2026 21:26 Last: 24.04.2026 21:26 Sources 1

How related: Security researchers have revealed details of a new extortion group that has been actively targeting retail and hospitality businesses since February 2026.

About this happening: The **BlackFile** campaign is driving **vishing-based data theft and extortion** against **retail and hospitality organizations**, putting employee credentials and enterprise data...

Open Happening

NCA National Strategic Assessment launch and teen cybercrime warning

Public Sector Action
First: 20.03.2026 11:40 Last: 20.03.2026 11:40 Sources 1

About this happening: The **UK National Crime Agency (NCA)** launched its **National Strategic Assessment** and warned that **online platforms** are helping draw teens into **cybercrime**. Director gen...

Open Happening

Middle East hacktivist surge targets government, banking, aviation and telecom sectors

Target Trend
First: 02.03.2026 17:00 Last: 02.03.2026 17:00 Sources 1

About this happening: **More than 150 hacktivist incidents** were recorded between **February 28 and March 1, 2026**, marking a sharp surge in **Middle East** targeting that raised spillover risk for o...

Open Happening

Europol Project Compass arrests in The Com case

Law Enforcement
First: 27.02.2026 13:00 Last: 27.02.2026 13:00 Sources 1

About this happening: Europol's **Project Compass** arrested **30 perpetrators** and identified **179** others in a **cybercrime** and extortion case tied to **The Com**. The action matters because the...

Latest development: 02.03.2026 22:32

Europol said Project Compass, led by the European Counter Terrorism Centre and involving law enforcement agencies from 28 countries, has resulted in 30 arrests tied to The Com. Investigators also fully or partially identified 179 members, identified or partially identified 62 victims, and safeguarded four victims while the operation continues against The Com and its sub-groups.

Open Happening

Ransomware victim listings and active groups surge across 2025

Target Trend
First: 18.02.2026 13:30 Last: 18.02.2026 13:30 Sources 1

About this happening: **Ransomware** victim listings climbed to **7,458** on leak sites in **2025**, while active groups reached **124**, signaling a broader and more fragmented extortion ecosystem.

Open Happening

Timeline

  1. 27.04.2026 11:15 2 articles · 1mo ago

    CL-CRI-1116 overlaps with BlackFile and The Com

    Attribution Update

    Palo Alto Networks’ Unit 42 and RH-ISAC published a report on April 23, 2026 that linked financially motivated activity cluster CL-CRI-1116 to public reporting on BlackFile, UNC6671, and Cordial Spider, and said the cluster is likely associated with The Com. The same reporting said the activity has been targeting retail and hospitality businesses since February 2026.

    Show sources
    Open in new tab