The U.S. Department of Justice (DOJ) has charged five individuals believed to be part of the Scattered Spider hacking group, accusing them of orchestrating a series of phishing and hacking attacks that targeted companies across the country. Federal investigators unsealed the charges on Wednesday, identifying the suspects and detailing their alleged multi-year cybercrime spree.
The accused include Ahmed Hossam Eldin Elbadawy, 23, and Evans Onyeaka Osiebo, 20, both from Texas; Joel Martin Evans, 25, of North Carolina; Noah Michael Urban, 20, of Florida; and Tyler Robert Buchanan, 22, a U.K. citizen. Buchanan, previously arrested in Spain, and Urban were already linked to Scattered Spider by investigators earlier this year. Authorities apprehended Joel Evans on Tuesday.
The DOJ alleges that the group used phishing schemes to target employees at tech firms, telecommunications companies, and other industries. They reportedly sent deceptive SMS messages claiming employees’ accounts were about to be deactivated, redirecting victims to fake login pages to steal their credentials. These credentials were then exploited to access company systems, pilfer confidential information, and hijack cryptocurrency accounts.
According to prosecutors, the hackers stole intellectual property, sensitive employee data, and cryptocurrency worth millions of dollars. In one case, the group allegedly drained $6.3 million from a single cryptocurrency account. The suspects are also accused of using SIM-swapping techniques to intercept employee phone numbers and bypass security protocols.
Investigators have connected the accused to multiple cybercriminal groups, including Scattered Spider, a loose-knit organization known for sophisticated social engineering tactics and partnerships with ransomware gangs. The DOJ has also linked the group to the 0ktapus hacking campaign, which targeted over 100 companies in 2022 and 2023, including Twilio, Coinbase, and Riot Games.
The unsealed court documents describe Scattered Spider as a financially motivated group operating globally, targeting major corporations and their contractors. The suspects allegedly shared stolen data and cryptocurrency through online channels, including Telegram. Buchanan and Urban are accused of leading efforts to defraud victims, while Evans reportedly managed phishing tools and infrastructure used in the attacks.
Despite the charges, the announcement did not explicitly address Scattered Spider’s alleged involvement in ransomware attacks on MGM Resorts and Caesars Entertainment. However, security researchers have observed the group using tactics such as impersonating IT staff to compromise corporate systems.
The DOJ has not ruled out the possibility of additional arrests, as court documents reference unnamed co-conspirators and a broader network of cybercriminals. The case underscores the evolving threat posed by decentralized hacking groups leveraging advanced social engineering methods.
Featured image courtesy of Pixabay
Follow us for more updates on cyber threats.