Five alleged members of the infamous Scattered Spider cybercriminal group were accused in the US for attacking company employees across the country using social engineering techniques to obtain credentials and use them to gain unauthorized access to sensitive data and hack crypto accounts to steal millions of dollars in digital assets.
All defendants are charged with one count of conspiracy to commit wire fraud, one count of conspiracy and one count of aggravated identity theft. They include –
- Ahmed Hosam Eldin Elbadawy, 23, aka AD, of College Station, Texas
- Noah Michael Urban, 20, aka Sosa and Elijah, of Palm Coast, Florida
- Evans Onyeaka Asieba, 20, of Dallas, Texas
- Joel Martin Evans, 25, aka Joelloli, of Jacksonville, North Carolina; and
- Tyler Robert Buchanan, 22, aka Tylerb, from the UK
While the title Scattered spider unnamed in court documents, it was described as a “loosely organized, financially motivated cybercriminal group whose members primarily target large companies and the telecommunications, information technology and business process outsourcing providers that work with them.”
Evans, according to the US Department of Justice (DoJ), was arrested by the Federal Bureau of Investigation (FBI) on November 19, 2024. It should be noted that Buchanan was arrested from Spain in June 2024. Another 17-year-old from Great Britain was arrested in a month. Urban is also said to be facing separate charges which refer to SIM replacement attacks in Florida.
“We allege that this group of cybercriminals engaged in a sophisticated scheme to steal tens of millions of dollars worth of intellectual property and business information and steal personal information belonging to hundreds of thousands of people,” said US Attorney Martin Estrada.
“As this case shows, phishing and hacking are becoming more sophisticated and can lead to huge losses. If something in a text or email you receive or a website you’re browsing seems wrong, it probably is.’
Court documents allege that the defendants conducted phishing attacks from at least September 2021 to April 2023 by sending SMS messages to company employees claiming to be from the firm itself or the victim’s IT or business services provider.
The text messages claimed that their accounts were about to be deactivated and that they needed to click on a provided link to reset their credentials, leading some users to unwittingly submit their login details to fake pages.
Armed with the credentials, the gang illegally accessed corporate networks and stole non-public data and personal information, as well as siphoning off at least $11 million in cryptocurrency from individual victims.
“The purpose of the phishing scheme targeting the companies was in part to gain access to the tools needed to replace the SIM card, as well as gain access to customer information/identification information that could then be used to ultimately steal the cryptocurrency,” the statement said. complaint.
Buchanan and his associates are believed to have targeted at least 45 companies in the US and abroad, including Canada, India and the UK. Buchanan also faces up to 20 years in prison for fraud.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions from their cryptocurrency accounts,” said Akil Davis, assistant director of the FBI’s Los Angeles field office.
“These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.”
