U.S. Charges Five Alleged Members of Scattered Spider Cybercrime Group

The federal government on Wednesday announced charges against five men allegedly connected to the Scattered Spider cybercrime group that has plagued high-profile victims for the last two-plus years. 

The five men--four Americans and one U.K. citizen--were charged by the Department of Justice with a variety of fraud, conspiracy, and identity theft crimes connected to intrusions that began with mass SMS-based phishing campaigns. The alleged members of the group charged Wednesday are Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, and Joel Martin Evans, all U.S. citizens; and Tyler Robert Buchanan of the U.K.

Evans was arrested in North Carolina on Tuesday. Urban and Buchanan were both arrested earlier this year. 

“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said United States Attorney Martin Estrada. “As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you’re viewing seems off, it probably is.”

Scattered Spider first emerged in 2022 and quickly became a significant pest, attacking telecom firms and going after contractors and outsourced service providers in order to get into their targets. The group’s highest-profile intrusions targeted Caesars Entertainment and MGM Resorts in 2023, which resulted in massive disruptions of the operations of both companies’ resorts. Scattered Spider’s attacks often began with high-volume phishing text messages sent to employees at a given organization, typically telling the recipients that they needed to click on a link in order to keep some specific account active. 

That link, of course, led to a site that harvested their credentials, which the attackers then used to crawl inside the organization’s network. The end goal of the intrusions was financial gain, usually in the form of cryptocurrency theft or ransomware payments. 

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the Assistant Director in Charge of the FBI’s Los Angeles Field Office.

Threat intelligence and research teams across the security industry have been tracking Scattered Spider’s activities since the group first emerged, and have had a good handle on their tactics and techniques, but that hasn’t prevented the group from finding continued success. These most recent arrests likely will put a dent in the group’s intrusions, but researchers believe Scattered Spider is not a small group of people, so there may well be more attacks in the offing.