21 November 2024

Five alleged Scattered Spider members charged for phishing and crypto heists



The US Department of Justice has indicted five individuals allegedly tied to the notorious cybercrime gang Scattered Spider. The suspects, accused of orchestrating multimillion-dollar cryptocurrency thefts and high-profile cyberattacks, now face charges that could land them in prison for decades.

The suspects named in the indictment are: Ahmed Hossam Eldin Elbadawy (23), aka ‘AD’, of College Station, Texas; Noah Michael Urban (20), aka ‘Sosa’ and ‘Elijah,’ of Palm Coast, Florida; Evans Onyeaka Osiebo (20), of Dallas, Texas; Joel Martin Evans (25), aka ‘joeleoli,’ of Jacksonville, North Carolina; and Tyler Robert Buchanan (22), of the United Kingdom.

Urban was arrested in January on fraud charges, while Evans was apprehended earlier this week in North Carolina. Buchanan, considered a key leader of the group, was arrested in Spain in June. Scottish police raided Buchanan's home in 2023, discovering around 20 electronic devices, some of which contained phishing kits designed to transmit stolen data to a Telegram channel.

Court documents allege that Buchanan registered phishing websites, managed a Telegram coordination channel, and stole credentials that enabled the gang to compromise systems and cryptocurrency wallets. In one instance, the group stole 98.5 bitcoin, valued at $9.2 million.

Scattered Spider is suspected of executing high-profile attacks on MGM Resorts, Caesars Entertainment, and identity services provider Okta. Using SMS phishing and social engineering, the group allegedly launched a multi-year campaign to harvest credentials, compromise corporate systems, and siphon funds from cryptocurrency wallets.

Each suspect faces charges of conspiracy to commit wire fraud, conspiracy to commit identity theft, and aggravated identity theft—offenses carrying potential sentences of up to 20 years each. Buchanan faces an additional wire fraud charge, which could extend his sentence by another 20 years.

The DoJ also announced actions against PopeyeTools, a notorious online marketplace for stolen financial data and cybercrime tools. Three administrators—Abdul Ghaffar (25), Abdul Sami (35), and Javed Mirza (37)—were charged with conspiracy to commit access device fraud and related offenses.

Authorities seized three domain names hosting the marketplace and confiscated $283,000 in cryptocurrency from Sami's account. Active since 2016, PopeyeTools facilitated the sale of sensitive information belonging to at least 227,000 individuals, generating $1.7 million in illicit revenue.

If convicted, Ghaffar, Sami, and Mirza face up to 10 years in prison for each offense.

