After more than two years of evading arrest following a hack that targeted some of the world's largest technology companies, U.S. authorities have finally announced that they have arrested at least some of the responsible hackers.
In August 2022, security researchers issued a warning that a group of hackers targeted more than 130 organizations and stole the credentials of approximately 10,000 employees as part of a sophisticated phishing campaign. The hackers specifically targeted businesses using Okta, a single sign-on provider used by thousands of businesses around the world to allow employees to log in from home.
Due to its focus on Okta, this hacker group was nicknamed “0ktapus.” To date, the group has hacked dozens of companies, including Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, and Twilio (twice).
Hackers' most notable large-scale cyberattack due to downtime and impact was the hack on MGM Resorts in September 2023, which reportedly caused at least $100 million in damages to the casino and hotel giant. . In this case, the hackers worked with the Russian-speaking ransomware group ALPHV to demand a ransom from MGM to get their files back. The hack was so disruptive that the MGM-owned casino was unable to provide service for several days.
As law enforcement has been closing in on hackers over the past two years, those in the cybersecurity industry are wondering how to classify hackers, and whether they fall into one group or another. I tried to understand exactly.
Hacker techniques such as social engineering, email and text message phishing, and SIM swapping are common and widespread. Some individual hackers were part of multiple groups responsible for different data breaches. This situation makes it difficult to understand exactly who belongs to which group. Cybersecurity giant CrowdStrike has named this umbrella hacker group “Scattered Spider,” and researchers believe there is some overlap with 0ktapus.
The group was so active and successful that in late 2023, US cybersecurity agencies CISA and the FBI announced that they would be investigating the group's activities and methods in order to help organizations prepare for and defend against anticipated attacks. issued an advisory detailing the
Scattered Spider is a “cybercrime group that targets large enterprises and their contracted IT help desks,” CISA said in its advisory. The agency warned that the group “usually engages in data theft for extortion purposes,” and also noted known links to ransomware criminal organizations.
One thing that is relatively certain is that most of the hackers speak English and are widely believed to be in their teens to early 20s, sometimes referred to as “highly tenacious teenagers.”
“There are a disproportionate number of minors involved because the legal environment in which minors exist is permissive and they know that nothing will happen to them if the police catch them. “This group intentionally recruits minors because of their age,” said lead researcher Alison Nixon. 221B unit, he told TechCrunch at the time.
Over the past two years, some members of 0ktapus and Scattered Spider have been associated with a similarly vague cybercriminal group known as “the Com.” People in this extensive cybercrime community are taking their crimes to the real world. Some of them have committed violent acts such as robbery, burglary and bricklaying. Hire thugs to throw bricks at someone's house or apartment. In addition to swatting, someone can also trick authorities into believing a violent crime is occurring, leading to the intervention of armed police forces. Although swatting originated as a prank, it has been known to have deadly consequences.
After two years of hacking, authorities have finally identified and begun prosecuting Scattered Spider members.
In July, British police confirmed the arrest of a 17-year-old in connection with the MGM hack.
In November, the U.S. Department of Justice announced indictments against five hackers. Noah Michael Urban, 20, of Palm Coast, Florida, was arrested in January. Evans Onyeaka Osigbo, 20, of Dallas, Texas. Joel Martin Evans, 25, of Jacksonville, North Carolina. Tyler Robert Buchanan, 22, from the UK, was arrested in Spain in June.