17 June 2024

Alleged Scattered Spider leader arrested in Spain


Alleged Scattered Spider leader arrested in Spain

A 22-year-old British national was arrested at Palma Airport on suspicion of being the ringleader of a sophisticated hacking group that targeted 45 companies and individuals in the United States. This arrest was the result of a coordinated effort between Spanish police and the FBI.

The suspect, whose identity has not been disclosed, is believed to have led an organized group specializing in the theft of sensitive information and cryptocurrencies. Through elaborate phishing techniques, the group allegedly obtained access credentials from individuals, which were then used to infiltrate corporate systems. Once inside, they seized sensitive information and took control of victims' cryptocurrency wallets.

The investigation revealed that the group managed to gain control of 391 bitcoins, valued at over $27 million. According to Palma police, the suspect “controlled” these bitcoins at one point.

The FBI in Los Angeles first raised the alarm after several companies reported being hacked. This led to a joint investigation with Spanish authorities, who tracked the suspect's movements. It was determined that he had entered Spain via Barcelona at the end of May, eventually leading authorities to his location in Mallorca.

A judge in Los Angeles issued a warrant for the suspect's arrest, which was executed by Palma police detectives as he was preparing to board a flight to Italy. During the arrest, police confiscated a laptop and a mobile phone.

According to a post from the VX-Underground malware-sharing collective, the suspect, known online under the alias “Tyler,” is allegedly linked to the Scattered Spider cybercrime group and is believed to be a key player in the MGM ransomware attack.


Back to the list

Latest Posts

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

Daggerfly APT targets Taiwanese orgs and US NGO in China with upgraded malware arsenal

The attackers exploited a bug in an Apache HTTP server to deliver the MgBot malware.
23 July 2024
New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

New FrostyGoop ICS malware left over 600 apartment buildings in Ukraine without heat

The attackers likely gained access through a vulnerability in an externally facing Mikrotik router.
23 July 2024
NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

NCA infiltrates, disrupts Digitalstress DDoS-for-Hire service

The crackdown follows the arrest of one of the site's suspected admins earlier this month.
23 July 2024