• Latest
  • Trending
  • All
  • BUSINESS
  • ENTERTAINMENT
  • POLITICAL
  • TECHNOLOGY

November 24, 2024
Indices: Already not extreme fear

Indices: Already not extreme fear

April 24, 2025
Eurozone: Tariff reversal is some relief, but no game changer – ABN AMRO

Eurozone: Tariff reversal is some relief, but no game changer – ABN AMRO

April 24, 2025
US: The US has already lost the trade war – ABN AMRO

US: The US has already lost the trade war – ABN AMRO

April 24, 2025
Predictive Analytics Promise the End of ‘Gut Feelings’ in Construction

Predictive Analytics Promise the End of ‘Gut Feelings’ in Construction

April 24, 2025
First Border Wall Contracts of Second Trump Term Awarded in Texas, San Diego

First Border Wall Contracts of Second Trump Term Awarded in Texas, San Diego

April 24, 2025
Construction Economics for April 28, 2025

Construction Economics for April 28, 2025

April 24, 2025
AI startups backed to boost construction productivity

AI startups backed to boost construction productivity

April 24, 2025
Why is building safety litigation on the rise?

Why is building safety litigation on the rise?

April 24, 2025
Severfield to cut 6 per cent of staff despite ‘solid’ order book

Severfield to cut 6 per cent of staff despite ‘solid’ order book

April 24, 2025
Bovis promotes operations head to board

Bovis promotes operations head to board

April 24, 2025
China expresses condolences over death of Pope Francis, World News

China expresses condolences over death of Pope Francis, World News

April 24, 2025
Pope Francis’ body taken in procession to St Peter’s for lying in state, World News

Pope Francis’ body taken in procession to St Peter’s for lying in state, World News

April 24, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Friday, June 13, 2025
No Result
View All Result
  • HOME
  • BUSINESS
  • ENTERTAINMENT
  • POLITICAL
  • TECHNOLOGY
  • ABOUT US
  • Login
  • Register
  • HOME
  • BUSINESS
  • ENTERTAINMENT
  • POLITICAL
  • TECHNOLOGY
  • ABOUT US
No Result
View All Result
Huewire
No Result
View All Result
Home TECHNOLOGY

by huewire
November 24, 2024
in TECHNOLOGY
0
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

A UK national named as Tyler Robert Buchanan has been charged in the US over his alleged involvement in cyber attacks perpetrated by the Scattered Spider gang

Alex Scroxton

By

  • Alex Scroxton,
    Security Editor

Published: 21 Nov 2024 16:21

The United States’ Department of Justice (DoJ) yesterday unsealed criminal charges against five individuals, including a 22 year-old British national named as Tyler Robert Buchanan, over their alleged involvement in the Scattered Spider cyber attacks.

During their criminal rampage, the gang used social engineering techniques to game their victims into giving up vital credentials, often relating to IT helpdesks. Most famously, they attacked two mainstays of the Las Vegas entertainment industry, Caesars Entertainment and MGM Resorts.

Buchanan, who was arrested in June 2024 in Spain, faces charges of conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. He was already on the authorities’ radar following a raid on his home in Scotland in 2023, in which police recovered evidence implicating him as a key player in the gang.

The four US nationals named are: Ahmed Hossam Edin Elbadaway, aka AD, aged 23; Noah Michael Urban, aka Sosa and Elijah, aged 20; Evans Onyeaka Osiebo, aged 20; and Joel Martin Evans, aka joeleoli, aged 25.

Evans was arrested on Tuesday 19 November in North Carolina, while Urban, who was arrested in a separate case earlier this year, is also in custody.

Collectively, the men are charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.

“We allege that this group of cyber criminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said US attorney Martin Estrada.

“As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you’re viewing seems off, it probably is.”

Akil Davis, assistant director in charge of the FBI’s Los Angeles Field Office, added: “The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts.

“These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. I’m proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted.”

Each defendant faces a statutory maximum prison sentences of 27 years if convicted, while Buchanan faces an additional 20-year sentence for the wire fraud count.

Inside Scattered Spider

The documents unsealed this week reveal an extensive campaign of malicious activity beginning in late 2021 and running through 2023, although the gang continued to operate with a revised playbook until recently.

The defendants are accused of conducting widespread phishing attacks using mass SMS messages to employees of targeted victims, purporting to come from the victim company or a contracted IT services supplier – often Okta, which the gang also relentlessly victimised, and for a time, it was also branded as 0ktapus.

Frequently, these SMS messages stated that the employee’s account was about to be locked or deactivated, and “conveniently” provided a link to help them address this. Naturally, this link led in reality to a spoofed website in which the unwitting victims readily entered their login credentials, with many of them also authenticating their identities using multifactor authentication (MFA).

These credentials obtained, Scattered Spider was able to access the accounts of victim companies’ employees and from there obtain deeper access into their victims’ IT systems, stealing confidential data and personally identifiable information (PII).

At times, the gang also used ransomware on its victims, acting as an affiliate of the ALPHV/BlackCat operation.

The authorities believe that Scattered Spider often used the data it obtained to gain unauthorised access to numerous cryptocurrency accounts and wallets, and may have stolen millions of dollars’ worth of virtual currency.

Scattered Spider was able to be particularly effective against victims in the UK and US because its core members were native English speakers. This enabled them to appear more convincing in their messaging and interactions – compared with Russian speakers, who can frequently be unmasked thanks to various linguistic quirks, prominently the misuse or omission of the definite article when speaking English.

The gang was also somewhat renowned for making threats of real-world retaliation against non-compliant victims, with people reporting that they were told they would lose their jobs, or face physically violent retribution against themselves and their families.

“Rather than using basic email phishing, the attackers took things a step further to make their attack look more convincing,” said William Wright, CEO of Scotland-based Closed Door Security.

“They tracked an employee on LinkedIn and then contacted an IT helpdesk worker requesting a password reset. Once the new password was secured, they then conducted an MFA fatigue attack which was enough to grant them with system access. The single attack was highly targeted, but its returns were immense. 

“The attack highlighted that when it comes to social engineering, criminals have many tricks up their sleeves. To counter these threats, organisations must run security tests across their networks to identify weaknesses either among employees or digital architecture,” he said.

Consequences

“These individuals, and other actors who they have collaborated with, have caused so much pain and financial harm to organisations … through their disruptive intrusions,” said Charles Carmakal, chief technology officer at Google Cloud-owned Mandiant.

“This is a nice win for law enforcement that over time has significantly hampered the group’s fast-paced tempo this year. We hope this sends a message to the other actors they collaborate with that they aren’t immune to consequences.”

Read more on Hackers and cybercrime prevention


  • DOJ charges 5 alleged Scattered Spider members

    AlexanderCulafi

    By: Alexander Culafi


  • HC3: Scattered Spider hits healthcare with social engineering

    JillMcKeon

    By: Jill McKeon


  • Microsoft sees drop in ransomware reaching encryption phase

    ArielleWaldman

    By: Arielle Waldman


  • New version of ALPHV/BlackCat ransomware hits victims

    AlexScroxton

    By: Alex Scroxton

Read More

Share196Tweet123
huewire

huewire

Recent Comments

No comments to show.

Recent Posts

  • Indices: Already not extreme fear
  • Eurozone: Tariff reversal is some relief, but no game changer – ABN AMRO
  • US: The US has already lost the trade war – ABN AMRO
  • Predictive Analytics Promise the End of ‘Gut Feelings’ in Construction
  • First Border Wall Contracts of Second Trump Term Awarded in Texas, San Diego
Huewire

Copyrights © 2024 Huewire.com.

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • HOME
  • BUSINESS
  • ENTERTAINMENT
  • POLITICAL
  • TECHNOLOGY
  • ABOUT US

Copyrights © 2024 Huewire.com.