The US has indicted five men over alleged involvement in a sophisticated scheme that utilized phishing attacks and social engineering tactics.
The Department of Justice (DoJ) unsealed criminal charges against several defendants suspected of targeting company employees with phishing messages and later using stolen credentials to breach several organizations.
Four US residents, Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, and Joel Martin Evans, as well as one UK resident, Tyler Robert Buchanan, face allegations of wire fraud, conspiracy and aggravated identity theft. If convicted, the defendants face up to two decades behind bars.
Urban was arrested in January, while Evans was supposedly cuffed on November 19th. The defendants are between 20 and 25 years old.
Meanwhile, Buchanan was arrested in Spain earlier this year for links to the hacker group behind attacks on MGM Resorts, Caesars Hotel, Okta, and many others.
DoJ's spokesperson confirmed to Cybernews that all five indicted individuals are associated with Scattered Spider hacker group.
Court documents allege that from at least September 2021 to April 2023, defendants sent SMS messages en masse to employees of targeted companies. The messages would say employee accounts are to be deactivated, and victims should follow a link in the message to prevent that from happening.
The links would take victims to a convincing replica of their work environment, set up by the attackers. All details victims entered on the fake website would fall into the cybercrooks’ hands, allowing attackers to breach numerous organizations.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said United States Attorney Martin Estrada.
Updated on November 21st [03:25 p.m. GMT] with a confirmation from the DoJ.
Your email address will not be published. Required fields are markedmarked