Full Report
Authorities have arrested multiple members of 764 during the past year, reflecting heightened law enforcement activity targeting the violent extremist collective. The post Alleged 764 member arrested, charged with CSAM possession in New York appeared first on CyberScoop.
Analysis Summary
# Incident Report: Arrests Related to Violent Extremist Collective 764
## Executive Summary
This report summarizes the ongoing law enforcement action against the violent extremist collective known as "764." The core incident highlighted involves the recent arrest and charging of Aaron Corey in New York for receiving and trafficking Child Sexual Abuse Material (CSAM) while allegedly affiliated with the group. The overarching impact is related to severe criminal activity—specifically the exploitation of children—rather than a traditional centralized cyber compromise against a single organization.
## Incident Details
- **Discovery Date:** Not explicitly stated for Corey, but law enforcement activity reflects arrests throughout the past year.
- **Incident Date:** Corey's alleged trafficking period ended in December (prior to his arrest on February 3rd, 2026, based on publication date).
- **Affected Organization:** N/A (Law enforcement action against individuals).
- **Sector:** Law Enforcement/Criminal Activity Targeting Vulnerable Populations.
- **Geography:** New York (Specific arrest); USA (Broader arrests mentioned).
## Timeline of Events
*(Note: This timeline is reconstructed based on law enforcement action against the collective, with specific details for the latest reported arrest.)*
### Initial Access
- **Date/Time:** Ongoing activity leading up to December [Year prior to 2026].
- **Vector:** Online interactions, potentially social media or encrypted chat platforms used for criminal coordination.
- **Details:** Aaron Corey ("Baggeth") was allegedly running multiple 764-related chats, seeking CSAM from other members.
### Lateral Movement
- **Details:** Internal movement within the decentralized extremist network, suggesting established communication channels between members to distribute and acquire illegal materials.
### Data Exfiltration/Impact
- **Details:** Possession and alleged trafficking of CSAM, including images and videos of children as young as 2 years old, found on the suspect's mobile device and computer. Investigators also found searches related to minors.
### Detection & Response
- **Detection:** FBI investigation, leading to the arrest of Corey on Monday (prior to Feb 5, 2026).
- **Response Actions:** Arrest, federal court appearance, and detention pending further proceedings. This is part of a broader, sustained law enforcement campaign against the 764 network.
## Attack Methodology
*(Note: As this is a criminal investigation focusing on extremist behavior, concepts like "Attack Vector" and "Impact" are framed around criminal exploitation rather than traditional APT methodology.)*
- **Initial Access:** Online recruitment/affiliation with the 764 collective.
- **Persistence:** Maintaining presence in 764-related chat channels.
- **Privilege Escalation:** N/A (Relates to increasing criminal influence within the group hierarchy, e.g., Corey running chats).
- **Defense Evasion:** Unknown specific cyber techniques; relied on established criminal communication platforms.
- **Credential Access:** N/A (No mention of unauthorized system access for corporate data).
- **Discovery:** Investigators actively tracking the member's online activities, likely through digital forensics post-surveillance or informant data.
- **Lateral Movement:** Communication and distribution of illegal content within the network ecosystem.
- **Collection:** Locating and downloading CSAM materials onto personal devices.
- **Exfiltration:** Trafficking/Distributing CSAM to other affiliated members.
- **Impact:** Psychological and physical harm/exploitation of vulnerable children.
## Impact Assessment
- **Financial:** Not disclosed. Focus is on criminal prosecution and incarceration sentences.
- **Data Breach:** Not a data breach of a corporate system. Involves the collection and storage of highly illegal CSAM on personal devices.
- **Operational:** Disruption to the internal operations and leadership structure of the 764 network due to multiple arrests (e.g., arrests of alleged leaders Varagiannis and Nepal).
- **Reputational:** High negative reputational impact on the affiliated individuals involved in the violent extremist collective.
## Indicators of Compromise
*(Indicators are related to the suspect and the collective's known attributes, not technical network compromises.)*
- **Network Indicators:** N/A (No specific malicious IPs or domains listed as compromised).
- **File Indicators:** CSAM detected on mobile devices and computers.
- **Behavioral Indicators:** Alleged online moniker "Baggeth"; searching for local parks and information about relationships with minors.
## Response Actions
- **Containment Measures:** Arrest and detention of the suspect (Aaron Corey).
- **Eradication Steps:** Seizure of digital devices containing illegal materials.
- **Recovery Actions:** Continued law enforcement operations targeting other members of the 764 network and its offshoots (e.g., 8884).
## Lessons Learned
- Heightened law enforcement focus (FBI/DOJ) is successfully leading to targeted arrests against the 764 violent extremist collective and related groups.
- The investigation highlights the nexus between violent extremism, cybercriminal tactics (coercion, communication), and severe crimes against children.
- The group utilizes existing criminal communication methods to foster an environment for sharing and soliciting CSAM.
## Recommendations
- **Prevention Measures for Similar Incidents:** Continued proactive monitoring by federal agencies of online platforms known to host activity related to extreme ideological groups like 764.
- **For Organizations:** While not directly implicated in a breach, organizations should remain vigilant regarding employee associations with known extremist groups, especially those involving cyber-facilitated crimes.