Spanish police have arrested a British man for allegedly leading an organised cybercrime ring that breached dozens of US companies.
Spanish police confirmed in a press release that the 22-year-old Briton, whose name has not been released, was arrested at Palma airport as he was attempting to leave the country on a charter flight to Naples.
Spanish police said in a statement that the alleged hacker used phishing techniques to steal passwords and break into at least 45 companies in the United States, stealing internal corporate information and cryptocurrency. Police said the suspected hacker had $27 million worth of cryptocurrency in his possession at the time of his arrest.
A video of the suspect's arrest was posted to YouTube by police.
Spanish police did not name the suspect or the cybercrime group he allegedly led, and an FBI spokesperson declined to comment when contacted by TechCrunch.
TechCrunch has learned that the individual arrested is the alleged leader of a group that orchestrated cyber attacks targeting Twilio in 2022, according to a person familiar with cybercrime activity.
The arrested suspect allegedly led a hacking group known as “0ktapus,” which twice breached Twilio, a company that provides calling and messaging services to other companies. In a months-long hacking campaign throughout 2022, nearly 10,000 employee passwords were stolen and then used to infiltrate the networks of Twilio customers. The hacking group targeted more than 100 Twilio customers, including DoorDash and Signal, using phishing pages designed to resemble the login pages of Okta, from which the group takes its name.
TechCrunch is not naming the suspect because it is unclear whether he has yet been charged with any crimes.
The arrest comes nearly two years after the 0ktapus gang first emerged as a cybercrime organization, highlighting the complexity of investigating some cybercrime groups.
The hackers are said to be part of a broader cybercriminal community dubbed “Com” by researchers, which has emerged in recent years as a large, loosely knit network of mostly young people skilled in social engineering and impersonation tactics, such as tricking employees into giving up their company passwords. According to CyberScoop, the FBI recently described Com as a “very large, widely dispersed group of individuals,” said to have around 1,000 members around the world. Com's activities sometimes include physical violence and intimidation, including hacker-on-hacker attacks.
People associated with Com, though going by different group names and affiliations, have been blamed for cyber attacks targeting Las Vegas casino giants MGM and Caesars Entertainment.
Earlier this year, US prosecutors indicted a 19-year-old Florida man on multiple charges of wire fraud, identity theft and conspiracy, and security reporter Brian Krebs linked the suspected hacker to the 0ktapus gang.