Federal prosecutors have unveiled charges against five individuals allegedly connected to the notorious Scattered Spider cybercrime group, accusing them of orchestrating sophisticated phishing campaigns that resulted in the theft of $11 million and sensitive corporate data.
The defendants include one British national - Tyler Robert Buchanan, 22, from Scotland - and four Americans: Ahmed Hossam Eldin Elbadawy, 23, Tyler Robert Urban, 20, Evans Onyeaka Osiebo, 20, and Joel Martin Evans, 25.
The group allegedly targeted major companies and their technology suppliers between September 2021 and April 2023. Their tactics involved sending fraudulent SMS messages that appeared to come from legitimate companies, warning employees their work accounts would be deactivated unless they logged in immediately through malicious phishing links.
According to court documents, the hackers used stolen credentials to access corporate systems and steal confidential information, intellectual property, and cryptocurrency from employee wallets. The group is connected to several high-profile breaches, including last year's devastating ransomware attack on MGM Casino that disrupted operations in Las Vegas for weeks.
"This group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars," said U.S. Attorney Martin Estrada.
The American defendants face charges of wire fraud conspiracy and aggravated identity theft, with potential sentences of up to 25 years. Buchanan faces additional wire fraud charges that could add 20 years to his sentence if convicted.
Evans was arrested Tuesday in North Carolina and Urban was detained in Florida in January, but authorities are still searching for the other two American suspects. Whether Buchanan will be extradited from Scotland remains unclear.
Microsoft security researchers previously identified Scattered Spider as "one of the most dangerous financial criminal groups," noting that the group's aggressive tactics included threatening employees with termination or violence. The group has been linked to attacks on major platforms including Coinbase, Twilio, Mailchimp, LastPass, Riot Games and Reddit.
Several other alleged members of Scattered Spider, which emerged from a larger criminal network known as "the Community," have been arrested in Spain and the United Kingdom as international law enforcement continues investigating the group's activities.