Five alleged members of the infamous Scattered Spider cybercrime group have been charged by the Justice Department with coordinating massive phishing campaigns, stealing employee login credentials, exfiltrating confidential information, and embezzling more than $11 million in cryptocurrency.
According to reports, the group, which has been connected to high-profile operations like the ransomware crisis at MGM Casino last year, targeted at least 29 victims and gained access to enterprise networks to steal financial and corporate assets.
Aggravated identity theft, wire fraud, and conspiracy to commit wire fraud are among the allegations. Buchanan could receive up to 45 years in jail, while each American suspect faces up to 25 years. Urban has been detained since January on unrelated fraud allegations, while Evans was recently arrested in North Carolina. Osiebo and Elbadawy’s whereabouts are still unknown, and it’s unclear if Buchanan will be extradited.
Scattered Spider, according to the FBI, is a branch of “the Community,” a loose association of cybercriminals known as “the Com.” The group’s global reach is demonstrated by the fact that members have been previously captured in Spain and the United Kingdom. Targets of Scattered Spider, which is well-known for its intricate social engineering techniques, have included well-known businesses such as Reddit, Riot Games, Twilio, Mailchimp, LastPass, and Coinbase.
The most recent indictments demonstrate the group’s wide range of victims, which includes private citizens, cloud communications services, technological corporations, interactive entertainment companies, telecom providers, and cryptocurrency platforms.
Federal authorities are currently facing the difficulty of prosecuting cybercriminals who operate across different jurisdictions, indicating an ongoing worldwide crackdown on organized cybercrime networks.