CONFERENCE Cyber AI & Automation Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

US Charges Five Alleged Scattered Spider Members

Five alleged members of the Scattered Spider cybercrime group were charged for phishing and stealing millions in cryptocurrency.

The US Department of Justice on Wednesday announced charges against five individuals for their alleged roles in phishing attacks resulting in credential, data, and cryptocurrency theft.

According to the indictment, from at least September 2021 to April 2023, the suspects sent phishing text messages to employees at numerous companies, posing as the employing organization or one of its suppliers.

Often purporting that the employees’ accounts were about to be deactivated, the fraudulent messages directed the victims to phishing websites designed to mimic those of the legitimate companies, luring the victims into entering their usernames and passwords, which were sent to the attackers.

The defendants then used the stolen credentials to access the victims’ accounts and the systems of the targeted companies, stealing confidential data and personal information, including names, phone numbers, email addresses, and account credentials.

The suspects allegedly used the stolen information to access the cryptocurrency accounts of numerous individuals, stealing millions of dollars in cryptocurrency.

According to the indictment, the defendants targeted at least 12 organizations in the US for data theft and stole roughly $11 million in cryptocurrency assets from the wallets of at least 29 individuals.

“The conspirators were members of a loosely organized financially motivated cybercriminal group whose members primarily target large companies and their contracted telecommunications, information technology (IT), and business process outsourcing (BPO) suppliers,” the indictment reads.

The five suspects are Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas, Noah Michael Urban, 20, of Palm Coast, Florida, Evans Onyeaka Osiebo, 20, of Dallas, Texas, Joel Martin Evans, 25, of Jacksonville, North Carolina, and British national Tyler Robert Buchanan, 22.

Advertisement. Scroll to continue reading.

They were part of the financially motivated cybercrime group Scattered Spider, Reuters reports.

Urban was arrested in January, Buchanan was arrested in Spain while trying to board a flight to Italy, and Evans was arrested on Tuesday. Urban, the DoJ says, also faces several fraud charges in a separate case, to which he pleaded not guilty.

In July, British authorities announced the arrest of a 17-year-old alleged member of Scattered Spider, for his involvement in the September 2023 cyberattack on MGM Resorts. The Alphv/BlackCat ransomware group claimed responsibility for the incident.

Also tracked as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, Scattered Spider is known for deploying the BlackCat ransomware in attacks and is believed to be responsible for the 0ktapus campaign, which hit over 130 organizations.

Related: US Police Detective Charged With Purchasing Stolen Credentials

Related: Ex-Disney Worker Accused of Hacking Computer Menus to Add Profanities, Errors

Related: Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information

Related: Greece Flies Russian Money Launderer to US: Lawyer

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Shanta Kohli has been named CMO at Sysdig.

Cloud security firm Sysdig has appointed Sergej Epp as CISO.

F5 has appointed John Maddison as Chief Product Marketing and Technology Alliances Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.