Five alleged members of the infamous Scattered Spider hacking group have been charged with executing a sophisticated phishing scheme that netted them millions of dollars in stolen cryptocurrency and sensitive company data.
The United States government has confirmed the arrest and charging of five people allegedly linked to the Scattered Spider group (aka 0ktapus and UNC3944). The notorious hacking group is accused of masterminding a sophisticated phishing scheme that targeted employees across the United States.
Federal authorities announced the charges against all five defendants on Nov. 20, revealing a scheme that relied heavily on text message campaigns. According to the US Department of Justice press release, investigators identified four of the defendants as citizens of the United States and one as a citizen of the United Kingdom.
- Joel Martin Evans (25) – United States
- Noah Michael Urban (20) – United States
- Evans Onyaka Osibo (20) – United States
- Tyler Robert Buchanan (22) – United Kingdom
- Ahmad Hussamuddin al-Badawi (23) – United States
As previously reported by Hackread.com, the gang sent phishing messages to cryptocurrency users and investors, as well as Federal Communications Commission (FCC) employees, warning them about account deactivation and linking them to phishing websites made to look like legitimate sites.
The group instructed recipients to provide confidential information, including login credentials, and sometimes sent employees two-factor authentication requests to their mobile phones.
Once clicked, the links led to fake websites that mimicked the real company’s login pages. Unsuspecting victims, believing they were accessing official company portals, inadvertently gave away their login credentials.
Using this stolen information, Scattered Spider members allegedly gained unauthorized access to corporate computer systems. Once inside, they stole a wealth of sensitive data, including intellectual property and proprietary information, as well as the personal information of millions of people, according to United States Attorney Martin Estrada.
The group also allegedly used stolen credentials, drawn from victim company intrusions and leaked data sets, to gain unauthorized access to the cryptocurrency accounts and wallets of multiple individuals, stealing millions of dollars' worth of virtual currency.
It is worth noting that Scattered Spider was also behind the cyber attack on MGM Resorts International in September 2023, in which it collaborated with the ALPHV ransomware group, also known as BlackCat.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information to steal millions in their cryptocurrency accounts,” said Akhil Davis, assistant director in charge of the FBI’s Los Angeles Field Office.
Officials say the group operated from September 2021 to April 2023 and caused significant financial losses not only to targeted companies but also to individual victims who lost their hard-earned cryptocurrency. It is worth noting that cryptocurrency watchdog Fortress Trust lost $15 million in customer funds due to a phishing attack on a third-party vendor, Retool, supposedly launched by the same group.
If convicted, the defendants face a maximum sentence of 20 years in federal prison for the wire fraud conspiracy count, five years for the conspiracy count, and two consecutive years for the aggravated identity theft count.
William Wright, the CEO of Closed Door Security, highlighted the tactics Scattered Spider used to target MGM Resorts, including tracking employees on LinkedIn and exploiting IT help desk processes to reset passwords. This was followed by an MFA fatigue attack, which gained access to the system. Wright emphasized the need for organizations to test their networks and train employees to counter such advanced social engineering threats.
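A defender's view of the help desk reset followed by MFA fatigue described above, as an added example that is not part of the original article: it flags an approved push that comes right after a burst of denied prompts, and notes whether a help desk password reset preceded it. The event names, fields and thresholds are assumptions, and the log events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs): (timestamp, user, event, result)
SAMPLE_EVENTS = [
    ("2024-01-01T02:01:00", "alice", "helpdesk_password_reset", "ok"),
    ("2024-01-01T02:05:10", "alice", "mfa_push", "denied"),
    ("2024-01-01T02:05:40", "alice", "mfa_push", "denied"),
    ("2024-01-01T02:06:15", "alice", "mfa_push", "denied"),
    ("2024-01-01T02:07:00", "alice", "mfa_push", "denied"),
    ("2024-01-01T02:07:30", "alice", "mfa_push", "approved"),  # gives in
    ("2024-01-01T09:00:00", "bob", "mfa_push", "denied"),      # one mis-tap
    ("2024-01-01T09:00:20", "bob", "mfa_push", "approved"),
    ("2024-01-01T10:00:00", "carol", "mfa_push", "denied"),    # spread out
    ("2024-01-01T12:00:00", "carol", "mfa_push", "denied"),
    ("2024-01-01T14:00:00", "carol", "mfa_push", "denied"),
    ("2024-01-01T14:00:30", "carol", "mfa_push", "approved"),
]

def find_mfa_fatigue(events, window=timedelta(minutes=10), min_denied=3,
                     reset_lookback=timedelta(hours=24)):
    """Alert on an approved push preceded by >= min_denied denials in `window`."""
    alerts = []
    denied = {}   # user -> times of recent denied pushes
    resets = {}   # user -> time of last help desk password reset
    for ts, user, event, result in sorted(events):  # ISO strings sort by time
        t = datetime.fromisoformat(ts)
        if event == "helpdesk_password_reset":
            resets[user] = t
        elif event == "mfa_push":
            # Keep only denials that are still inside the sliding window.
            recent = [d for d in denied.get(user, []) if t - d <= window]
            if result == "approved":
                if len(recent) >= min_denied:
                    reset = resets.get(user)
                    alerts.append({
                        "user": user,
                        "approved_at": ts,
                        "denied_before": len(recent),
                        "after_helpdesk_reset":
                            reset is not None and t - reset <= reset_lookback,
                    })
                denied[user] = []  # approval ends the current burst
            else:
                denied[user] = recent + [t]
    return alerts

if __name__ == "__main__":
    for alert in find_mfa_fatigue(SAMPLE_EVENTS):
        print(alert)
```

An alert with `after_helpdesk_reset` set deserves the fastest triage, since it matches the reset-then-prompt sequence Wright describes.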