The U.S. Department of Justice (DoJ) has charged five individuals linked to the cybercriminal group “Scattered Spider” for conducting phishing attacks targeting corporate employees to steal sensitive data and cryptocurrency. The sophisticated scheme exploited SMS phishing, or “smishing,” to trick victims into divulging login credentials, enabling unauthorized access to corporate systems and cryptocurrency accounts, resulting in at least $11 million in theft.
Defendants
The indictment accuses the group of carrying out these attacks between September 2021 and April 2023. The defendants charged include:
- Ahmed Hossam Eldin Elbadawy (“AD”), 23, of College Station, Texas
- Noah Michael Urban (“Sosa”, “Elijah”), 20, of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans (“joeleoli”), 25, of Jacksonville, North Carolina
- Tyler Robert Buchanan, 22, of the United Kingdom
The five face charges including conspiracy to commit wire fraud, aggravated identity theft, and related offenses. If convicted, they could face up to 20 years in federal prison for wire fraud conspiracy and additional penalties for other charges.
Scattered Spider's Methods
The DoJ alleges that Scattered Spider's members used mass phishing SMS campaigns to impersonate IT services and company portals. Messages falsely claimed employees’ accounts were at risk of deactivation, directing victims to phishing sites that mimicked legitimate corporate portals. Victims who entered their credentials inadvertently granted attackers access to sensitive corporate systems and personal cryptocurrency wallets.
The group used stolen credentials to access internal corporate systems, exfiltrating proprietary data, intellectual property, and personal information. They also leveraged SIM-swapping techniques to bypass two-factor authentication, enabling theft of millions in cryptocurrencies. Blockchain analysis tied funds to wallets controlled by the group, linking their activities to more than 45 companies across the U.S., Canada, India, and the UK.
This case follows the arrest of a suspected Scattered Spider leader in June 2024 at Palma de Mallorca Airport in Spain. The 22-year-old British national, believed to have orchestrated phishing and cryptocurrency thefts worth over $27 million, was apprehended while attempting to flee to Naples. The arrest, a collaboration between Spanish and U.S. authorities, has been pivotal in unraveling the operations of Scattered Spider, a group linked to high-profile attacks, including the MGM cyber breach.