US Charges 5 Members of Scattered Spider Hacking Group

US Charges 5 Members of Scattered Spider Hacking Group

The US has charged five suspects believed to be part of Scattered Spider, the infamous hacking group behind the ransomware attack against MGM Resorts last year.

On Wednesday, federal investigators unsealed charges against five defendants for using phishing messages to help them hack into companies nationwide. 

A Justice Department spokesman added that federal investigators believe all five members were part of Scattered Spider. Indeed, two of the named suspects, 22-year-old Tyler Robert Buchanan of the UK and 20-year-old Noah Michael Urban of Florida, were arrested earlier this year and have been linked to the hacking group. 

Wednesday’s announcement names three other alleged members of the group: 23-year-old Ahmed Elbadawy and 20-year-old Evans Osiebo, both from Texas, and 25-year-old Joel Evans of North Carolina. US investigators arrested Evans on Tuesday.

Federal prosecutors allege that the five suspects sent SMS text messages to employees at companies they sought to breach. The texts looked like official alerts and told employees that their accounts were about to be deactivated unless they took action. In reality, the text messages redirected victims to web pages designed to trick the employee into giving up their work logins.

“The defendants then used the stolen credentials to gain unauthorized access [to] the accounts of victim companies’ employees and the companies’ computer systems to steal confidential information, including confidential work product, intellectual property, and personal identifying information, such as account access credentials, names, email addresses, and telephone numbers,” the Justice Department says. 

In some cases, the five suspects used the stolen information to take over cryptocurrency accounts and steal millions. 

The announcement doesn’t mention Scattered Spider’s hack of MGM Resorts and Caesars Entertainment. But security researchers say Scattered Spider operates more as a loose-knit group that uses various tactics, such as posing as IT support staff to phish victims and teaming up with ransomware gangs.

Recommended by Our Editors

According to court documents, the FBI identified Buchanan’s role in the hacks due to his computer’s IP address being used to buy domains to host the phishing pages. In April 2023, a few months before the MGM Resorts attack, police in the UK raided his home and seized 20 devices, which uncovered more evidence of his hacking activities.  

“The FBI’s investigation to date has gathered evidence showing that Buchanan and his co-conspirators targeted at least 45 companies in the United States and abroad, including Canada, India, and the United Kingdom,” the court document adds. “Buchanan’s digital devices also contained communications with Co-conspirator 1, including Telegram messages where Buchanan provided information about potential victims to target for cryptocurrency theft.”

If convicted, the suspects face a maximum of up to 27 years of prison on the charges, which include conspiracy to commit wire fraud and aggravated identity theft.

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.


Read Michael’s full bio

Read the latest from Michael Kan

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *