Federal authorities unsealed charges Wednesday against five individuals with links to the “Scattered Spider” cybercrime syndicate, accusing them of conducting an extensive phishing scheme that compromised companies nationwide, enabling the theft of non-public data and millions in cryptocurrency.

Ahmed Hossam Eldin Elbadawy, 23, of Texas; Noah Michael Urban, 20, of Florida; Evans Onyeaka Osiebo, 20, of Texas; and Joel Martin Evans, 25, of North Carolina, have been charged with conspiracy to commit wire fraud, for allegedly sending phishing messages to various technical employees to capture login credentials, which were then illicitly used to access and exploit corporate and individual accounts.

A separate complaint was filed against Tyler Robert Buchanan, 22, from the United Kingdom, for similar crimes.

Evans was arrested Tuesday by the FBI in North Carolina and is expected to make his initial court appearance Wednesday. Urban was arrested in January in Florida after being indicted on separate federal wire fraud and aggravated identity theft charges. Buchanan was arrested in June by Spanish police for being “responsible for the computer attack on 45 companies in the United States.” 

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the assistant director in charge of the FBI’s Los Angeles field office. “These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.”

Scattered Spider emanates from an online community known as “the Com,” an aggressive, nebulous ring of approximately 1,000 young cybercriminals who are mainly organized on online platforms. The group, also tracked by cybersecurity firms as “0ktapus,” Octo Tempest, or UNC3944, has been known to target big-name companies, including the casino giant MGM Resorts and Clorox.

Court documents reveal that between September 2021 and April 2023, the defendants sent mass SMS phishing messages to employees of various target companies. These messages carried deceptive account deactivation warnings and directed users to phishing sites mirroring genuine business service providers. When employees entered their credentials, the credentials were harvested and used to gain unauthorized access to corporate systems, resulting in the theft of intellectual property and personal identifiers. The group also used stolen information to break into many cryptocurrency accounts and steal millions of dollars.

The FBI had faced criticism for limited progress in bringing members of the Com to justice. However, law enforcement actions targeting Scattered Spider and the wider Com network have occurred frequently over the past few months.

Aside from the arrests mentioned above, British police arrested a 17-year-old who is believed to be behind last year’s ransomware attack on MGM Resorts. Earlier this month, Canadian authorities arrested Alexander “Connor” Moucka, an alleged Com member suspected of orchestrating a series of data exfiltration attacks targeting customers of the data storage firm Snowflake.

The post US charges five men linked to ‘Scattered Spider’ with wire fraud appeared first on CyberScoop.
