Five alleged members of the infamous Scattered Spider cybercrime crew have been indicted in the U.S. for targeting employees of companies across the country using social engineering techniques to harvest credentials and using them to gain unauthorized access to sensitive data and break into crypto accounts to steal digital assets worth millions of dollars.
All of the accused parties have been charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft. They include –
- Ahmed Hossam Eldin Elbadawy, 23, aka AD, of College Station, Texas
- Noah Michael Urban, 20, aka Sosa and Elijah, of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans, 25, aka joeleoli, of Jacksonville, North Carolina; and
- Tyler Robert Buchanan, 22, aka tylerb, of the U.K.
While the name Scattered Spider is not directly referenced in the indictment document, it has been described as “a loosely organized financially motivated cybercriminal group whose members primarily target large companies and their contracted telecommunications, information technology, and business process outsourcing suppliers.”
Evans, per the U.S. Department of Justice (DoJ) was arrested by the Federal Bureau of Investigation (FBI) on November 19, 2024. It’s worth noting that Buchanan was apprehended from Spain back in June 2024. Another 17-year-old U.K. teen was arrested a month later. Urban, who was arrested earlier this January, is also facing separate charges relating to SIM swapping attacks in Florida.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said U.S. attorney Martin Estrada.
“As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you’re viewing seems off, it probably is.”
Court documents allege that the defendants conducted phishing attacks from at least September 2021 to April 2023 by sending SMS messages to company employees, claiming to be from the firm itself or a contracted information technology or business services supplier of the victim.
The text messages went on to claim that their accounts were about to be deactivated and that they needed to click on a provided link to reset their credentials, causing some unwitting users to provide their login information on the fake pages.
Armed with the credentials, the gang gained illicit access to corporate networks and stole non-public data and personal identifying information, as well as siphoned no less than $11 million in cryptocurrency from individual victims.
“The purpose of the phishing scheme targeting companies was in part to access tools necessary for SIM swapping as well as to access customer/identifying information, that could then be used to ultimately steal cryptocurrency,” the complaint reads.
Buchanan and his coconspirators are believed to have targeted at least 45 companies in the U.S. and abroad, including Canada, India, and the U.K. If convicted, each of the U.S.-based defendants face up to 27 years in prison for all the charges, with Buchanan also facing up to 20 years in prison for the wire fraud count.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” Akil Davis, the assistant director in charge of the FBI’s Los Angeles Field Office, said.
“These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse.”