Members suspected of “scattered spider” extradition to us – Krebs about security

A 23-year-old Scottish man is considered a prolific member Scattered spiders Cybercrime group was extradited from Spain to the United States last week and he faces charges of wire fraud, conspiracy and identity theft. U.S. Attorneys Charged Tyler Robert Buchanan Accomplice breaking into dozens of companies in the United States and abroad, and he personally controlled more than $26 million in victims.

Scattered Spider is a loose group of criminal hackers whose members have broken into and stole data from some of the world’s largest technology companies. Buchanan was arrested in Spain last year on a FBI arrest warrant that hopes he is linked to a series of SMS-based phishing attacks in the summer of 2022 that have resulted in invasions by Twilio, Lastpass, Doordash, Mailchimp, Mailchimp and many other technology companies.

As Krebsoncurity first reported, Buchanan (aka “Buchanan”) fled the UK in February 2023 as a rival cybercrime gang hired thugs to beat his home and threatened to burn him with bragging, unless he gave him a cryptoctocurnenty altertent. Buchanan was arrested in June 2024 at the airport in Palma de Mallorca, trying to board a flight to Italy. Last week, his extradition was first reported to the United States Bloomberg.

Scattered Spider Members Has Related to Ransomware Attacks in 2023 MGM and Caesar Casinos in Las Vegas, but it is not clear if Buchanan is related to the incident. The Justice Department’s complaint against Buchanan did not mention the 2023 ransomware attack.

Instead, the investigation into Buchanan appears to be centered on SMS phishing campaigns in 2022 and is based on simulated attacks that have driven out funds from individual cryptocurrency investors. In SIM attacks, Crooks transfer the target’s phone number to the device they control and intercept any text messages or calls to the victim’s device, including one-time password verification and password reset links sent via SMS.

In August 2022, Krebsonsecurity reviewed data harvested from months of cybercrime activity that was scattered spiders involved countless SMS-based SMS-based phishing attacks on employees of large companies. Security companies IB Call them by different names – 0ktapusbecause groups often trick the identity provider Okta In their phishing information to target company employees.

In 2022, the scattered spider/0ktapus SMS web bait was sent to Twilio employees.

The complaint against Buchanan (PDF) says the FBI linked him to the 2022 SMS phishing attack after discovering the same username and email address to register many of the OKTA-themed phishing domains seen in the campaign. Domain Registration namecheap Discovered less than a month before the phishing orgy, those domain names registered for logging in from the FBI’s internet address said Scottish police told them that the address had leased it to Buchanan from 26 January 2022 to 7 November 2022.

When authorities raided Buchanan’s residence, authorities seized at least 20 digital devices, and on one of them they found usernames and passwords targeting employees of three different companies in the phishing campaign.

“So far, the FBI investigation has collected evidence that Buchanan and his accomplices targeted at least 45 companies in the United States and abroad, including Canada, India and the United Kingdom,” the FBI complaint read. “One of Buchanan’s devices contains a screenshot of a telegram message, while Buchanan’s known accounts and other unidentified accomplices discuss the distribution of proceeds for exchanging SIM cards.”

U.S. prosecutors claim records obtained from Discord show that the same British internet address was used to operate a failed account when other users were asked to send funds. The complaint says the public transaction history of the payment address shows that in October 2022 and
February 2023; Currently, the value of 391 Bitcoin is over $26 million.

In November 2024, federal prosecutors in Los Angeles filed unsealed criminal charges against Buchanan and four other allegedly dispersed spider members, including Ahmed Elbadawy23 years old at the University of Texas Station; Joel Evans25, Jacksonville, North Carolina; Evans Osiebo20 years old in Dallas; and Noah City20 years old on the Palm Coast, Florida. Krebsonsecurity reported last year that another suspected scattered spider member, a 17-year-old from the UK, was arrested as part of a joint investigation into the MGM hacker (FBI) with the FBI.

Mr Buchanan’s court-appointed attorney did not respond to a request for comment. The defendant faces allegations of wire fraud conspiracy to obtain information through computers for private financial gain and aggravate identity theft. The minimum sentence for conviction in the latter charge is two years.

U.S. District Court for Central California states that Buchanan is holding Buchanan without a bail trial. The preliminary hearing on the case was held on May 6.