SecurityWeek

Recently Charged Scattered Spider Suspect Did Poor Job at Covering Tracks

A California teen suspected of being a Scattered Spider member left a long trail of evidence and even used an FBI service to launder money.

A 19-year-old from California has been charged over his alleged role in Scattered Spider attacks, and court documents show that he did a poor job at covering his tracks.

Bloomberg [paywalled article] reported that the teen, Remington Ogletree, was arrested last month and released on bail.

According to court documents, Ogletree conducted cybercriminal activities between at least October 2023 and May 2024. He has been accused of gaining unauthorized access to various companies’ networks, stealing confidential data and selling some of it on the dark web, and stealing cryptocurrency, with losses caused by his actions totaling over $4 million.

The teen is said to have used social engineering, including phone calls and phishing text messages, to obtain the credentials needed to gain access to targets’ networks, which is common for Scattered Spider attacks.

A criminal complaint describes Ogletree’s role in an attack targeting an unnamed telecom business. He obtained API keys that gave him access to customer accounts, which he abused to send, or attempt to send, roughly 8.5 million phishing texts to people in the US. The goal of the phishing attack was the theft of cryptocurrency from individuals.

Investigators linked Ogletree to the attack based on an iCloud account and phone number that belonged to him and were used to conduct tests for the massive phishing campaign. 

The complaint also describes attacks on an unnamed financial institution and a second telecom company, which were also compromised after an employee’s credentials were obtained through phishing. 

These attacks were also tied to Ogletree based on information associated with an account on a video gaming platform, various email accounts, and IP addresses that were used in the attacks and linked to the suspect. The links rest in part on his own confirmation during an interview with FBI agents who conducted a search of his residence.

In the same interview, Ogletree admitted knowing about Scattered Spider and possessing hacking skills. Two days after his residence was searched, according to investigators, Ogletree attempted to convert $50,000 and later $75,000 worth of cryptocurrency to cash, but he unwittingly used a money laundering service that was part of an undercover FBI operation. 

He had previously used the same money laundering service on several occasions to convert tens of thousands of dollars worth of cryptocurrency to cash. He had the money delivered to his own residence, as well as addresses associated with his father and other family members. 

Scattered Spider (aka Starfraud, UNC3944, Scatter Swine, and Muddled Libra) is known for various types of profit-driven attacks, including ones involving the BlackCat ransomware. One of the best-known victims is hospitality and entertainment giant MGM Resorts.

The cybercrime group has also been tied to the 0ktapus campaign, which targeted at least 130 organizations, including Twilio and Cloudflare, as part of an SMS-based phishing campaign whose goal was the theft of Okta identity service credentials. 

Several alleged Scattered Spider members were arrested and charged in recent months, including in the UK and the US.   

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
