British Scattered Spider hacker admits crypto theft
▼ Summary
– Tyler Robert Buchanan, the alleged leader of the Scattered Spider cybercrime group, pleaded guilty in the U.S. to wire fraud and aggravated identity theft.
– He and accomplices stole at least $8 million in cryptocurrency by hacking companies via SMS phishing attacks between 2021 and 2023.
– The attacks involved sending fake text messages that led to phishing websites to steal login credentials and personal information.
– Buchanan was arrested in Spain and faces up to 22 years in prison, with several accomplices also charged or sentenced.
– Scattered Spider is a loose hacking collective known for partnering with Russian ransomware gangs and breaching major companies like MGM Resorts and Caesars.
A British national, identified as a leader of the Scattered Spider cybercrime group, has entered a guilty plea in a U.S. court for his role in a multi-million dollar cryptocurrency theft scheme. Tyler Robert Buchanan, 24, admitted to charges of wire fraud and aggravated identity theft following a series of sophisticated SMS phishing attacks targeting corporate employees. The operation, which ran from late 2021 through early 2023, siphoned at least $8 million in digital assets from over a dozen victim companies.
Prosecutors detailed a methodical campaign where Buchanan and his accomplices sent hundreds of deceptive text messages. These communications impersonated legitimate IT or business process outsourcing providers for the targeted firms. Each message contained a link to a counterfeit login page designed to harvest confidential credentials. Once they obtained personal identifying information and passwords, the hackers executed SIM swap attacks to hijack victim phone numbers and gain control of associated email and cryptocurrency wallets, facilitating the illicit transfers.
Buchanan was apprehended in Spain in June 2024 and has been held in U. S. federal custody since April of last year. His sentencing is scheduled for August 2026, where he faces a potential maximum prison term of 22 years. Three co-conspirators, Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans, were charged in late 2024 with similar offenses and could receive up to 20 years imprisonment. A fourth key member of the collective, Noah Michael Urban, was sentenced to a decade in prison last year after pleading guilty.
The Scattered Spider hacking collective, also known by aliases like 0ktapus and UNC3944, operates as a loosely organized network of primarily English-speaking threat actors. The group, which includes individuals as young as 16, coordinates via platforms like Telegram and Discord. Their cyberattack tactics extend beyond phishing to include social engineering, multi-factor authentication bombing, and SIM swapping. Intelligence agencies note that some members are also affiliated with “the Com,” a separate collective linked to both cyber and physical crimes.
Further elevating their threat level, Scattered Spider has established partnerships with several prominent Russian ransomware gangs, including BlackCat/AlphV and RansomHub, since early 2023. Their activities have impacted major organizations across sectors, with high-profile breaches linked to Caesars Entertainment, MGM Resorts, and technology firms like Twilio and Reddit. In a related action, UK authorities arrested a 17-year-old suspected member in mid-2024 for involvement in the MGM Resorts attack, underscoring the group’s continued operational reach.
(Source: BleepingComputer)