Five alleged members of the notorious Scattered Spider hacking group have been charged with executing a sophisticated phishing scheme that netted them millions of dollars in stolen cryptocurrency and sensitive company data.
The United States govemnet has confirmed arresting and charging five individuals allegedly linked to the Scattered Spider group (aka 0ktapus and UNC3944). This notorious hacking collective is accused of masterminding a sophisticated phishing scheme that targeted employees across the United States.
The feds unsealed the charges against the five defendants on November 20, revealing a scheme that relied on mass text message campaigns. According to the US Justice Department’s press release, investigators identified four defendants the citizens of the United States and one from the United Kingdom.
- Joel Martin Evans (25) – United States
- Noah Michael Urban (20) – United States
- Evans Onyeaka Osiebo (20) – United States
- Tyler Robert Buchanan (22) – United Kingdom
- Ahmed Hossam Eldin Elbadawy (23) – United States
As previously reported by Hackread.com, the gang targeted cryptocurrency users and investers along with the Federal Communications Commission (FCC) employees with phishing messages warning them about account deactivation and linked them to phishing websites that resembled legitimate ones.
The group directed recipients to provide confidential information, including login credentials, and sometimes employees were sent two-factor authentication requests sent to their mobile phones.
Once clicked, the links led to phony websites that mimicked real company login pages. Unsuspecting victims, believing they were accessing official company portals, unintentionally gave away their login credentials.
Using this stolen information, the Scattered Spider crew allegedly gained unauthorized access to corporate computer systems. Once inside, they stole a treasure trove of sensitive data, including intellectual property and proprietary information, as well as personal information from hundreds of thousands of individuals, according to United States Attorney Martin Estrada.
The group also, allegedly, used the stolen credentials they also gained unauthorized access to numerous individuals’ cryptocurrency accounts and wallets, stealing millions of dollars’ worth of virtual currency from victim company intrusions and leaked data sets.
It is worth noting that Scattered Spider was also behind the cyberattack on MGM Resorts International in September 2023 in which it collaborated with the ALPHV ransomware group, also known as BlackCat.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” stated the FBI’s Los Angeles Field Office’s Assistant Director in Charge, Akil Davis.
Authorities say the group operated from September 2021 to April 2023 and caused significant financial losses, not just to targeted companies but also to individual victims who lost their hard-earned cryptocurrency. It is worth noting that cryptocurrency custodian Fortress Trust lost $15 million in customer funds due to a phishing attack on third-party vendor, Retool, supposedly launched by the same group.
If convicted, the defendants face a maximum sentence of 20 years in federal prison for a conspiracy to commit wire fraud case, up to five years for the conspiracy count, and a mandatory two-year consecutive sentence for aggravated identity theft.
William Wright, CEO of Closed Door Security, highlighted Scattered Spiders’ sophisticated tactics in targeting MGM Resorts, including tracking an employee on LinkedIn and exploiting IT helpdesk processes to reset a password. This was followed by an MFA fatigue attack, granting system access. Wright emphasized the need for organizations to test their networks and train employees to counter such advanced social engineering threats.
RELATED TOPICS
- FBI Disrupts Chinese State-Backed Volt Typhoon’s KV Botnet
- Goldoon Botnet Hiy D-Link Devices, Exploits 9-Year-Old Flaw
- LockBit Ransomware Gang Domains Seized in Global Operation
- Operator of Proxy Botnet ‘IPStorm’ Arrested, Pleads Guilty in US
- 4 Arrested as Operation Endgame Disrupts Ransomware Botnets
