The job posts don’t immediately raise alarms, even though they’re clearly not for tutoring or babysitting.

“Female candidates are a PRIORITY, even if you aren’t from US, if you do not have a clear accent please feel free to inquire,” a public Telegram channel post on Dec. 15 stated. “INEXPERIENCED people are OKAY, we can train you from scratch but we expect you to absorb information and take in what you are learning.” Those who are interested are expected to be available from 12 pm EST to 6 pm EST on weekdays and will earn $300 per “successful call,” paid in crypto.

Of course, the ad isn’t for a legitimate job at all. It’s a recruiting post to join a criminal underground organization, where the job is undertaking ransomware attacks against big corporations. And the ‘gig’ workers being recruited are largely kids in middle and high schools. The enterprise is called The Com, short for “The Community,” and it includes about 1,000 people involved in numerous ephemeral associations and business partnerships, including those known as Scattered Spider, ShinyHunters, Lapsus$, SLSH, and other iterations. Associations change and reframe frequently in what expert researcher Allison Nixon calls “a huge spaghetti soup.” Since 2022, the pipeline has successfully infiltrated U.S. and UK companies with a collective market cap valuation of more than $1 trillion with data breaches, theft, account compromise, phishing, and extortion campaigns. Some 120 companies have been targeted, including brands such as Chick-fil-A, Instacart, Louis Vuitton, Morningstar, News Corporation, Nike, Tinder, T-Mobile, and Vodafone, according to research from cyber intelligence firm Silent Push and court records...