Federal prosecutors have charged five individuals allegedly connected to the notorious Scattered Spider cybercrime group, which was behind the high-profile attacks on MGM Resorts and other major companies.
The defendants include 22-year-old British national Tyler Robert Buchanan, who was arrested in Spain in June 2024, and four US nationals: Ahmed Hossam Edin Elbadaway (23), Noah Michael Urban (20), Evans Onyeaka Osiebo (20), and Joel Martin Evans (25).
The group faces charges of conspiracy to commit wire fraud, conspiracy, and aggravated identity theft. Buchanan faces an additional wire fraud charge. If convicted, each defendant could face up to 27 years in prison, with Buchanan potentially facing an extra 20 years.
According to court documents, between 2021 and 2023, the gang conducted sophisticated phishing attacks using SMS messages targeting company employees. They impersonated IT service providers, particularly Okta, warning employees about account lockouts and directing them to fake websites where victims entered their login credentials and multi-factor authentication details.
"We allege that this group of cyber criminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars," said US Attorney Martin Estrada.
The gang's effectiveness stemmed from its members being native English speakers, allowing them to craft more convincing messages compared to non-native speakers. They allegedly threatened victims with job loss and physical violence against them and their families.
The hackers gained unauthorized access to cryptocurrency accounts and wallets, potentially stealing millions in virtual currency. They also deployed ransomware as affiliates of the ALPHV/BlackCat operation.
FBI Assistant Director Akil Davis noted that the suspects "preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts."
The arrests mark a notable success for law enforcement in disrupting the group's operations. According to Mandiant's Chief Technology Officer Charles Carmakal, these actions have "significantly hampered the group's fast-paced tempo this year."