British authorities on Thursday announced the arrest of a 17-year-old man in connection with a cyberattack on Transport for London (TfL).
“A 17-year-old male has been arrested on suspicion of breaching the Computer Misuse Act in connection with an attack on TfL on 1 September,” the UK’s National Crime Agency (NCA) said.
The teenager, from Walsall, is said to have been arrested on September 5, 2024, after an investigation that was launched following the incident.
Law enforcement agencies reported that the unnamed person was questioned and later released on bail.
“Attacks on public infrastructure such as this can be very disruptive and have serious consequences for local communities and national systems,” said Deputy Director Paul Foster, head of the NCA’s National Cybercrime Unit.
“TfL’s quick response following the incident allowed us to act quickly and we are grateful for their continued cooperation with our ongoing investigation.”
TfL has since confirmed that the security breach resulted in unauthorized access to bank account numbers and sort codes for around 5,000 customers and that it will be contacting those affected directly.
“While the impact on our customers has been very minor, the situation is evolving and our investigations have revealed that certain customer data has been accessed,” TfL said.
“This includes some customers’ names and contact information, including email addresses and home addresses when provided.”
It should be noted that West Midlands Police previously arrested a 17-year-old boy, also from Walsall, in July 2024 in connection with the ransomware attack on MGM Resorts. The incident was attributed to the infamous “Scattered Spider” group.
It is currently unclear whether the two events involve the same person. Back in June, a 22-year-old British citizen was also arrested in Spain for his alleged involvement in several ransomware attacks perpetrated by Scattered Spider.
The dangerous cybercrime group is part of a larger collective called The Com, a loosely knit ecosystem of diverse groups involved in cybercrime, swatting and physical violence. It is also tracked as 0ktapus, Octo Tempest and UNC3944.
According to a new report by EclecticIQ, Scattered Spider ransomware operations are becoming increasingly sophisticated in the cloud infrastructures of the insurance and financial sectors, echoing a similar analysis by Resilience Threat Intelligence in May 2024.
The group has a well-documented history of gaining persistent access to cloud environments through sophisticated social engineering tactics, as well as acquiring stolen credentials, performing SIM card swaps, and using proprietary cloud tools.
“Scattered Spider often uses phone social engineering techniques such as voice phishing (vishing) and text message phishing (smishing) to trick and manipulate targets, mainly targeting IT support services and identity administrators,” security researcher Arda Büyükkaya said.
“A group of cybercriminals are abusing legitimate cloud tools, such as Azure’s dedicated administration console and data factory, to remotely execute commands, transmit data, and maintain persistence while avoiding detection.”