US authorities arrest another suspected Scattered Spider hacker
Remington Goy Ogletree was arrested last month after allegedly hacking two telecommunications companies and a financial institution.
An American teenager arrested by US authorities last month is suspected of being a member of the Scattered Spider hacking group.
Remington Goy Ogletree, 19, was charged with one count of wire fraud and one count of aggravated identity theft after participating in a massive phishing campaign to steal employee credentials from a telecommunications company and an unnamed American financial institution and a European telecommunications company.
The FBI says Ogletree, once he gained access to his victims’ internal networks, stole data that was then sold on the darknet. He also allegedly used his access to his victims to steal cryptocurrency from other victims.
According to the FBI’s filing in the U.S. District Court of New Jersey, Ogletree’s victims lost more than $4 million.
Ogletree allegedly posed as support staff, calling employees and directing them to fake websites where he harvested their credentials.
“A review of screenshots of the phishing messages revealed statements intended to mislead employees into providing their credentials, including fraudulent messages claiming their “benefits package.” [was] updated” and “your employees’ schedule has been changed,” the complaint states.
“Some phishing messages told employees that they had received “a request from HR” or that their “VPN profile had been updated.”
The alleged Ogletree hacking campaigns took place between October and November 2023.
This is the seventh arrest this year linked to the Scattered Spider hacking group. Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo and Joel Martin Evans – all from the United States – were arrested last month alongside a British man, Tyler Robert Buchanan. Another suspected Scattered Spider member was arrested in the UK in July.
Scattered Spider was previously responsible for high-profile hacks targeting Caesars Palace and MGM Resorts in Las Vegas, while operating as a subsidiary of the ALPHV ransomware-as-a-service operation.