(Credit: Rawf8 via Getty Images)
The US has charged five suspects believed to be part of Scattered Spider, the infamous hacking group behind the ransomware attack against MGM Resorts last year.
On Wednesday, federal investigators unsealed charges against five defendants for using phishing messages to help them hack into companies nationwide.
A Justice Department spokesman added that federal investigators believe all five members were part of Scattered Spider. Indeed, two of the named suspects, 22-year-old Tyler Robert Buchanan of the UK and 20-year-old Noah Michael Urban of Florida, were arrested earlier this year and have been linked to the hacking group.
Wednesday’s announcement names three other alleged members of the group: 23-year-old Ahmed Elbadawy and 20-year-old Evans Osiebo, both from Texas, and 25-year-old Joel Evans of North Carolina. US investigators arrested Evans on Tuesday.
Federal prosecutors allege that the five suspects sent SMS text messages to employees at companies they sought to breach. The texts looked like official alerts and told employees that their accounts were about to be deactivated unless they took action. In reality, the text messages redirected victims to web pages designed to trick the employee into giving up their work logins.
"The defendants then used the stolen credentials to gain unauthorized access [to] the accounts of victim companies' employees and the companies' computer systems to steal confidential information, including confidential work product, intellectual property, and personal identifying information, such as account access credentials, names, email addresses, and telephone numbers," the Justice Department says.
In some cases, the five suspects used the stolen information to take over cryptocurrency accounts and steal millions.
The announcement doesn't mention Scattered Spider's hack of MGM Resorts and Caesars Entertainment. But security researchers say Scattered Spider operates more as a loose-knit group that uses various tactics, such as posing as IT support staff to phish victims and teaming up with ransomware gangs.
According to court documents, the FBI identified Buchanan’s role in the hacks due to his computer’s IP address being used to buy domains to host the phishing pages. In April 2023, a few months before the MGM Resorts attack, police in the UK raided his home and seized 20 devices, which uncovered more evidence of his hacking activities.
“The FBI’s investigation to date has gathered evidence showing that Buchanan and his co-conspirators targeted at least 45 companies in the United States and abroad, including Canada, India, and the United Kingdom,” the court document adds. “Buchanan's digital devices also contained communications with Co-conspirator 1, including Telegram messages where Buchanan provided information about potential victims to target for cryptocurrency theft.”
If convicted, the suspects face a maximum of up to 27 years of prison on the charges, which include conspiracy to commit wire fraud and aggravated identity theft.