The U.S. government has announced charges against five people accused of carrying out a multi-year hacking campaign (dubbed “0ktapus'' by security researchers) that targeted tech giants and crypto holders.
On Wednesday, the U.S. Department of Justice issued a press release announcing charges against five suspected hackers. Ahmed Hossam Eldin Elbadawi, 23, of College Station, Texas, Ahmed Hossam Eldin Elbadawi, 23, of College Station, Texas. Noah Michael Urban, 20, of Palm Coast, Florida. Evans Onyeaka Osigbo, 20, of Dallas, Texas. Joel Martin Evans, 25, of Jacksonville, North Carolina. and Tyler Robert Buchanan, 22, from the UK, who was arrested in Spain earlier this year.
According to a press release, the five accused hackers targeted employees of U.S. companies with phishing text messages to steal their credentials, which they then used to infiltrate and steal company data and hundreds of thousands of employees. He allegedly stole $10,000 worth of virtual currency. The hackers also allegedly used SIM swapping attacks to steal employee phone numbers and used password reset features to obtain passwords.
Victims mentioned in court documents released Wednesday include U.S.-based organizations that provide entertainment products, virtual currencies, cloud communications platforms, and telecommunications services. According to the indictment, the hackers allegedly stole $6.3 million in cryptocurrency from one anonymous victim.
“We allege that this group of cybercriminals stole tens of millions of dollars worth of intellectual property and proprietary information, and carried out a sophisticated scheme to steal personal information belonging to hundreds of thousands of individuals.” Press said U.S. Attorney Martin Estrada, quoted in the release. .
As part of the announcement, the Department of Justice unsealed three court documents related to the case.
Security researchers had previously linked the suspected hackers to 0ktapus, a prolific hacker group that used spoofs of the Okta login portal used by major technology companies. Hackers targeted hundreds of companies in a months-long hacking campaign in 2022, including Twilio, Coinbase, and Doordash, and again targeted game makers like Riot Games in 2023.
Since then, the hackers are believed to have been involved in other criminal cyberattacks under a group called “Scattered Spider.'' Department of Justice spokesperson Ciaran McEnvoy confirmed to TechCrunch that the five hackers are suspected to be part of a group known as Scattered Spider.
In one court document, prosecutors described the cybercrime organization as a “loosely organized, financially motivated cybercrime group whose members primarily comprised large corporations and their contract communications, information technology, and business process outsourcing suppliers.” We are targeting “.''
Buchanan and other hackers targeted at least 45 companies in Canada, the United States, the United Kingdom and other countries, according to one court document citing the FBI investigation.
Orbán is accused of stealing more than $800,000 in Bitcoin and Ethereum from multiple victims, according to one of the court documents. One of the documents also mentions “unindicted co-conspirators” and “other co-conspirators,” suggesting there are other suspects who have not yet been publicly charged with a crime.
The hackers are said to be part of a broader cybercrime community dubbed “The Com'' by researchers. This community is a highly nebulous network made up primarily of young adults and teenagers, who are skilled at impersonation and social engineering techniques that can trick employees into surrendering. Corporate password.
The National Crime Agency did not respond to a request for comment on Buchanan's arrest.
Carly Page contributed reporting.