Scattered Spider suspects indicted

The investigation, led by the FBI, resulted in multiple high-profile arrests

The US Department of Justice (DOJ) has charged five individuals believed to be part of the infamous Scattered Spider cybercrime gang for orchestrating a multi-million-dollar phishing and hacking scheme.

The group, known for its sophisticated social engineering and phishing attacks, is accused of stealing millions of dollars in cryptocurrency and sensitive data from dozens of victims, including both individuals and companies.

The defendants – identified as Ahmed Hossam Eldin Elbadawy, aka "AD," of College Station, Texas; Noah Michael Urban, aka "Sosa" and "Elijah," of Palm Coast, Florida; Evans Onyeaka Osiebo, of Dallas, Texas; Joel Martin Evans, aka "joeleoli," of Jacksonville, North Carolina; and Tyler Robert Buchanan, aka "tylerb," of the United Kingdom – face charges of wire fraud, wire fraud conspiracy, and aggravated identity theft.

From September 2021 to April 2023, the group allegedly executed phishing attacks by sending fraudulent SMS messages to employees, posing as representatives from their companies or IT contractors.

These messages claimed users' accounts were at risk of deactivation, prompting victims to click links leading to spoofed login pages.

In one instance, they sent messages claiming employees' VPN access was being deactivated. They asked employees to visit a fake website to reactivate it. Other phishing campaigns mimicked password change notifications.

The stolen credentials enabled the hackers to infiltrate corporate systems, steal proprietary information, and access tools for SIM-swapping attacks.

The DOJ stated that the gang exploited their access to steal at least $11 million in cryptocurrency from individual victims and sensitive data from over 45 companies, including firms in the US, Canada, India and the UK.

The investigation, led by the FBI, resulted in multiple high-profile arrests.

Evans was taken into custody on 19^th November 2024, while Buchanan, who had been apprehended in Spain earlier in June, awaits extradition.

Urban, arrested in January 2024, is also facing additional charges related to SIM-swapping attacks in Florida. A 17-year-old UK suspect, allegedly linked to the group, was arrested in July 2024.

If convicted, the defendants face severe penalties. US-based members could serve up to 27 years in prison for all charges. Buchanan, the alleged mastermind, faces an additional 20 years for the wire fraud count.

Unlike traditional cybercrime groups, Scattered Spider gang operates as a loose network of English-speaking hackers, some as young as 16.

Despite their varied skillsets, these hackers work together, planning attacks and communicating through online platforms like Telegram and Discord.

Security researchers have uncovered several aliases linked to the Scattered Spider, including Scatter Swine, 0ktapus, Octo Tempest, UNC3944, Muddled Libra, and Starfraud.

Some members of the group are suspected to also be involved with "The Comm," a separate hacking collective associated with cyberattacks and even incidents of violence.

The fluid structure of the gang poses a significant challenge for law enforcement in tracking their activities and attributing specific attacks.

Since 2023, the group has reportedly formed alliances with various Russian ransomware gangs, further expanding its criminal operations.

"The days of easy money and no consequences are over," said Allison Nixon, chief research officer at cybersecurity company Unit 221B.

"Defenders and law enforcement are meeting this wave of cybercrime aggressively now. Young people that have fallen into online crime culture need to exit before they become the next target."