This Insight was published as part of GIFCT’s Working Group on Addressing Youth Radicalization and Mobilization. GIFCT Working Groups bring together experts from diverse stakeholder groups, geographies and disciplines to offer advice in specific thematic areas and deliver on targeted, substantive projects.
On 25 November, the FBI issued a warning:
“The FBI is warning the public of a sharp increase in the activity of ‘764’ and other violent online networks which operate within our country and around the globe. These networks methodically target and exploit minors and other vulnerable individuals. (…) Many threat actors systematically target underage females, but anyone — juveniles, adults, males, and females — can be targeted. Victims are typically between the ages of 10 and 17 years old, but the FBI has seen some victims as young as 9 years old.”
This is not the first time US authorities have warned about the growing threat from the ‘764-network’, and it won’t be the last either. Other countries, like Australia, have recently issued similar warnings. Further, on 8 December, the Canadian Government formally listed 764 as a terrorist entity.
‘764’ is best described as a Nihilistic Accelerationist online network with little formal hierarchy but global reach. It is part of the online Com network that comprises a number of violent, exploitative, yet distinctive, networks that are terrorising a growing number of victims online and offline.
764 originated in North America in 2021, when 15-year-old Bradley Chance Cadenhead spun a small Discord server out of the earlier CVLT sextortion network and named it after his local ZIP code: 764. What began as a tight-knit US-based group of mostly English-speaking boys and young men very quickly became a transnational hub within the Com. Within a few years, US law enforcement determined that all 55 of the FBI’s field offices had open 764-related cases, while parallel investigations were launched in Canada, Europe, and Australia.
From the outset, the network’s infrastructure (mainly Discord and Telegram channels with spill-over onto gaming platforms like Roblox and Minecraft) made it easy for North American operators to recruit and direct peers across borders. In practice, “764” functions less as a single organisation and more as a North American–anchored ecosystem of semi-autonomous cells whose members move fluidly between US, Canadian, European and Australian time zones, swapping victims, methods and propaganda.
While originally an online-focused network, Marc-Andre Argentino points to an important new trend with a number of offline attacks taking place: “Though Com is predominantly a digital network and phenomenon, there have been some criminal activities that occurred offline, such as arson, bricking, and murder for hire. Traditionally, these offline activities were carried out by adult members associated with Cyber Com. However, Extortion Com (where 764 is found) has seen a shift in criminal activity over 2024, moving from a focus on sextortion/CSEA to offline kinetic acts of criminality.”
This evolution is crucial for understanding the spread of 764. The network’s culture, aesthetics and methods are easily copied: a teenager needs little more than a smartphone, access to Discord and Telegram, and an invitation link to be drawn into a world where status is earned by escalating harm. Once a local node forms, pressure from peers and admins to move from online abuse to “real-life ops” – stabbings, arson, sexual assaults – can build quickly. What begins as an American, largely online phenomenon, thus becomes a portable script for violence that can be adopted by teenagers in any country with the same platforms and subcultures.
This Insight showcases the 764 network’s worrying activities in the Nordic region. It draws up a timeline of known cases in Sweden and Norway and presents new data on activities in Denmark that have otherwise not been reported in mainstream media. Finally, it presents recommendations on how to better counter these networks on macro-, meso-, and micro-levels.
Inroads into the Nordics
Against this backdrop, it is unsurprising that the 764 network has begun to surface in the Nordics. Since 2024, Sweden has been affected by four known cases, while Norway is facing one court case linked to 764. Common to all five cases – aligning well with broader trends in 764 cases – are extremely young predators exploiting and targeting young girls, and occasionally boys, in a combination of online and offline attacks in their own countries and across borders.
The first known case dates back to April 2024, when a 15-year-old boy known by his online moniker ‘Chai’ was sentenced to 7 months of youth supervision. Chai was found guilty of targeting a 13-year-old Swedish boy, encouraging him to: self-harm, carry out sexual acts online, and commit suicide using a knife. Despite receiving his sentence, the young Chai has allegedly managed to continue his online activities, with reports of ongoing encouragement to self-harm.
A second case was revealed when a 14-year-old boy known as ‘Slain764’ in July 2024 attacked a woman in her 50s on her way to work, and two months later, on 13 September, he attacked an 82-year-old man in the Swedish town of Hässelby, a suburb of Stockholm. The victims suffered severe injuries but luckily survived the attacks. Since the attacker was a minor, he initially evaded prison time despite being a leader of the global 764 network and clearly following the 764 propagated modus operandi. In addition to the two known attacks, Slain764 also carried out six other attacks, all filmed and circulated across 764 online groups.
Figure 1: Screenshot from a video originally published by 764-member ‘Slain’ on Telegram. Credit to SVT.
‘Slain764’ was allegedly heading up the Swedish chapter of No Lives Matter/764, known locally as ‘Mordwaffen’. What this exactly means in a network with little hierarchy is not entirely clear. Yet, Slain764 was acting as an admin in numerous Swedish 764-Telegram channels. Since he was only 14 years old when he committed the crimes, he was not criminally liable in Sweden and has ended up in youth care.
Only a few months later, in January 2025, another 14-year-old attacked a 55-year-old woman with a knife in the city of Borås. The boy himself has acknowledged carrying out the attack, yet claims that he was pressured to do so by people in the 764 network issuing threats against him and his family. Authorities, though, believe the boy acted on his own conviction linked to 764.
The most recent Swedish case was made public in April 2025 and concerns a 17-year-old boy. He was initially accused of sexually exploiting a young girl, encouraging her to commit suicide and sending manuals instructing her how to do so. More recently, new accusations have emerged accusing him of involvement in two attempted murders in June 2024 in Hässelby. While it is not entirely clear from public documents, it appears likely that those two murder attempts refer to some of the attacks linked to Slain764.
Last Summer, the Norwegian authorities arrested a teenage boy accused of links to 764 and participation in the rape of a young Australian girl. Uncovered material shows communication between the teenager and Slain764 in Sweden. Since then, another boy has come under investigation, but no information has been revealed in his case. A girl, known to have been a victim of sexual exploitation and self-harm, is also under investigation after she was encouraged by actors in the 764-network to kill a family member.
Escalating 764 Activity in Denmark and Beyond
While several incidents linked to 764 networks have already surfaced in Sweden and Norway, the threat in Denmark has, until recently, been far less understood. A new report from Darksight Analytics and the Institute for Countering Digital Extremism (ICDE) now confirms that a Danish individual holds a leading position within one of the most active 764-networks. Additionally, several Danish individuals have been observed participating in the 764-cell’s official Telegram and Discord chats, indicating a noticeable increase in Danish involvement within the cell.
This network – driven in part by the Danish actor – has repeatedly coerced and extorted young victims into extreme acts, including self-harm and the production of bloodsign and cutsign material. The same individual is also linked to an alleged suicide livestream on Discord, where a victim was filmed hanging themselves in a bathroom. Although the authenticity of the footage could not be independently verified, the incident aligns with known tactics and previously documented behaviour within 764 communities.
The group’s recruitment material openly lists entry requirements such as bricking (refers to throwing bricks through windows and damaging vehicles), graffiti, and arson (other acts of vandalism); stabbings and beatings (violent assaults); and the production of extortion-based self-harm content (bloodsigns and cutsigns).
Figure 2: Screenshot of a recruitment post published on the 764 cells’ official channel.
In early September, the Danish leader reportedly hosted a livestream in which he was seen extorting victims into self-harm, vandalising cars, and chasing random individuals while armed with a knife, as can be seen below:
Figure 3: Screenshot of conversations between the leading Danish actor and other community members.
The Danish individual appears to have gained substantial traction and status within the community due to his willingness to participate in real-world incidents and conduct online extortions. As illustrated in the hierarchy chart below, he is regarded as one of the leading figures within the 764-cell.
Figure 4: Screenshot of a hierarchy chart shared on Telegram illustrating the management of the 764 cell.
On Telegram, another Danish user stated that he and a friend had brought knives to school, which allegedly resulted in contact with Danish social authorities. In the context of 764 networks – where spontaneous violence against public institutions is routinely encouraged – this type of conversation appearing among Danish users signals a concerning indication of risk.
Figure 5: Screenshot of conversations between a Danish threat actor and other community members.
On 3 November 2025, the network claimed responsibility for a major arson attack in Ängelholm, Sweden, allegedly carried out in collaboration with another 764-cell. The attack, which reportedly targeted between 20 and 25 vehicles, may have been a reaction to the arrest of one of the network’s key members.
Figure 6: Screenshot of the 764 cell claiming responsibility for an arson attack in Ängelholm, Sweden.
As can be seen in the above announcement, the 764-network claims responsibility for the arson attack in Ängelholm, Sweden. Images collected from the scene show the scale of destruction left behind.
Figure 7: Screenshot showing the aftermath of the arson attack published by Swedish media HD on 03.11.2025.
Conclusion and Recommendations: Countering 764’s Online Presence
While countering movements like 764 requires a broad, multisectoral effort, the platforms hosting related content remain central to mitigating this rapidly evolving threat. Social media companies must proactively identify and address conduct-related risks in the online spaces where 764-networks recruit new members and exploit vulnerable youth. The cross-platform nature of this activity further underscores the need for strong coordination and information-sharing between platforms and external stakeholders, including law enforcement agencies, child protection services, and social authorities.
It is therefore recommended that platforms significantly intensify moderation efforts across communities that overlap conceptually or behaviourally with 764. These include spaces centred on gore content, the idolisation of mass attackers, and communities that romanticise or encourage self-harm. Such environments frequently serve as entry points into 764-affiliated networks and require targeted, sustained interventions.
Because many individuals active in 764-linked networks are themselves very young, it is essential that front-line personnel working with the youth are equipped to recognise indicators of 764-affiliation. The group’s terminology, symbols, and communication patterns are tacit and subculturally distinct; understanding this coded language is considered crucial for identifying both potential perpetrators and vulnerable individuals engaging with these communities online. For this reason, greater awareness and targeted training for teachers, school staff, youth workers, law enforcement and social workers is strongly recommended to enable earlier detection and timely intervention.
–
Valdemar Balle is an Open-Source Intelligence specialist and researcher whose work explores the intersection of computational social science, online extremism, and online threat intelligence.
Anonymous Author is a member of GIFCT’s Working Group on Addressing Youth Radicalization and Mobilization.
–
Are you a tech company interested in strengthening your capacity to counter terrorist and violent extremist activity online? Apply for GIFCT membership to join over 30 other tech platforms working together to prevent terrorists and violent extremists from exploiting online platforms by leveraging technology, expertise, and cross-sector partnerships.
