5 hackers indicted in the United States for Scattered Spider hacking campaigns
The U.S. Department of Justice has indicted four Americans and a British citizen over allegations of phishing, identity theft and cryptocurrency theft.
US law enforcement officials have unveiled a series of charges against five members of the Scattered Spider hacking group, following an alleged hacking campaign targeting at least 12 companies.
Ahmed Hossam Eldin Elbadawy, 23, of Texas; Noah Michael Urban, 20, of Florida; Evans Onyeaka Osiebo, 20, of Texas; and Joel Martin Evans, 25, of North Carolina, were each charged with one count each of conspiracy to commit wire fraud, one count of conspiracy and one count of aggravated identity theft .
Evans was arrested this week by the FBI, while Urban also pleaded not guilty to previous fraud charges in a separate criminal case.
A fifth indictment against Briton Tyler Robert Buchanan, 22, was also unsealed. Buchanan faces similar charges to the other four.
The DOJ alleges that the five men — whose connection to the Scattered Spider group was confirmed by the U.S. Attorney’s Office in Los Angeles — engaged in extensive hacking campaigns between September 2021 and April 2023. They engaged in SMS phishing attacks. to steal employee credentials; the stolen credentials were then used to access company networks and steal confidential information such as intellectual property, personal information and company data.
The five also allegedly used stolen credentials to access cryptocurrency wallets to steal millions of dollars in crypto assets.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of people,” the statement said. American lawyer Martin Estrada in a press release from the Department of Justice.
“As this case shows, phishing and hacking [have] are becoming more and more sophisticated and can lead to huge losses. If something in the text or email you received or the website you are viewing seems wrong, it probably is.
Akil Davis, assistant director in charge of the FBI’s Los Angeles field office, added that the alleged perpetrators “preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions from their cryptocurrency accounts.”
“These types of fraudulent solicitations are pervasive and deprive American victims of their hard-earned money with the click of a mouse. I am proud of our excellent cyber agents whose work has led to the identification of suspected schemers who face significant prison time if convicted,” Davis said.
Although the DOJ did not name the victims, Scattered Spider was previously responsible for high-profile hacks targeting Caesars Palace and MGM Resorts in Las Vegas.