Five alleged hackers linked to sophisticated phishing attacks have been indicted by federal authorities, potentially connected to the notorious "Scattered Spider" hacking group responsible for major corporate breaches.

Four suspects were indicted and a fifth received a criminal complaint for orchestrating attacks that resulted in approximately $11M in stolen cryptocurrency from 29 victims, along with data theft from numerous companies.

The defendants are:

• Ahmed Hossam Eldin Elbadawy, 23, from Texas
• Noah Michael Urban, 20, from Florida
• Evans Onyeaka Osiebo, 20, from Texas
• Joel Martin Evans, 25, from North Carolina
• Tyler Robert Buchanan, 22, from the UK (criminal complaint)

Between September 2021 and April 2023, the group allegedly conducted sophisticated phishing attacks by:

• Sending fake SMS messages to company employees
• Creating deceptive websites to collect login credentials
• Accessing corporate networks to steal confidential data
• Targeting cryptocurrency accounts

While Scattered Spider was blamed for the 2023 MGM Resorts and Caesars Entertainment attacks, direct involvement of these suspects in those specific incidents remains unclear. An MGM source indicated these individuals were likely not involved in their breach.

If convicted, the defendants face:

• Up to 20 years for conspiracy to commit wire fraud
• Up to 5 years for conspiracy
• Mandatory 2-year sentence for aggravated identity theft
• Additional 20 years for wire fraud (Buchanan only)

The investigation revealed collaboration between Scattered Spider and the Black Cat/ALPHV ransomware group in some attacks. The 2023 casino breaches resulted in Caesars reportedly paying a $15M ransom, while MGM's refusal led to $100M in lost profits.

Related Articles

Previous Articles