Five Alleged Members of Scattered Spider Cybercrime Group Charged for Stealing $11 Million

The U.S. Justice Department has unsealed charges against five individuals accused of operating the Scattered Spider cybercrime group, responsible for a series of high-profile phishing attacks. The group allegedly stole $11 million in cryptocurrency from at least 29 victims, as well as sensitive corporate data.

Named in the indictments are four Americans — Ahmed Hossam Eldin Elbadawy, Noah Michael Urban, Evans Onyeaka Osiebo, and Joel Martin Evans — alongside a U.K. national, 22-year-old Tyler Robert Buchanan. The charges include wire fraud, conspiracy, and aggravated identity theft, with the suspects facing up to 25 years in prison.

The Scattered Spider group has been linked to several devastating cyber incidents, including the ransomware attack on MGM Casino last year. The group primarily targets large companies and their outsourced partners, using phishing techniques to steal employee credentials and access sensitive information. They then leverage this access to steal cryptocurrency and sell stolen data.

Between September 2021 and April 2023, Scattered Spider used SMS phishing (smishing) to trick employees into visiting fake websites and disclosing their login details. These attacks allowed the hackers to transfer funds and intellectual property from companies, including major tech and telecommunications firms.

Prosecutors revealed that the group’s members often communicated internally, sharing stolen credentials to further infiltrate networks. They also used threats of violence and blackmail to intimidate victims into complying with their demands.

The group’s sophisticated operations, including social engineering and SIM-swapping, have earned them the label of one of the most dangerous financial crime groups by Microsoft. Despite arrests in Spain and the U.K., the whereabouts of several members remain unknown, with some still at large.