Ethical Hacking News
In recent months, a shocking web of deceit has been unraveled by federal prosecutors, revealing one of the most sophisticated phishing schemes ever seen. A group of five defendants, known as Scattered Spider, have allegedly stolen tens of millions of dollars' worth of intellectual property and proprietary information, compromising hundreds of companies nationwide in the process.
The Scattered Spider phishing scheme allegedly stole intellectual property worth tens of millions of dollars from hundreds of companies nationwide. A group of five defendants, part of the larger Octo Tempest crime group, have been charged with various crimes related to the scheme. The phishing attacks began in September 2021 and continued until April 2023, targeting companies across the US. The attackers used sophisticated methods, including sending fake IT department messages via text message to trick employees into providing confidential information. The scheme resulted in significant losses for many companies, including MGM, which lost an estimated $100 million after discovering the breach. The defendants face charges ranging from up to 20 years in prison if convicted of wire fraud or conspiracy.
In recent months, a shocking web of deceit has been unraveled by federal prosecutors, revealing one of the most sophisticated phishing schemes ever seen. Known as Scattered Spider, this organized crime group has allegedly stolen intellectual property and proprietary information worth tens of millions of dollars, compromising hundreds of companies nationwide in the process.
At the heart of this scheme are five defendants, identified by authorities as Ahmed Hossam Eldin Elbadawy, 23, aka "AD," of College Station, Texas; Noah Michael Urban, 20, aka "Sosa" and "Elijah," of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas; Joel Martin Evans, 25, aka "joeleoli," of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, of the UK. These individuals, who were allegedly part of a larger crime group known as Octo Tempest, have been charged with various crimes related to their involvement in this phishing scheme.
According to court documents unsealed by federal prosecutors, Scattered Spider's phishing attacks began as early as September 2021 and continued until April 2023. The group's methods were so sophisticated that they managed to fool even the most well-equipped companies, including some of the largest in the nation. The attackers sent text messages to mobile phones of employees at targeted companies, purporting to come from their own IT departments. These messages often contained links to malicious websites designed to look like legitimate sites used by victim companies.
If an employee clicked on these links, they were tricked into providing confidential information, including account login credentials, which were then used to gain access to the employee's accounts. The attackers also gained access to hundreds of other companies' networks, stealing sensitive information such as personal data, account credentials, and even cryptocurrency accounts.
The extent of Scattered Spider's reach is staggering. According to Microsoft researchers who track the group under the name Octo Tempest, it "is one of the most dangerous financial criminal groups." The group's methods have been described as "methodical" and "well-orchestrated," making them difficult to detect even with sophisticated defenses in place.
The scheme allegedly resulted in significant losses for many companies, including MGM, which was breached last year. The casino and resort company lost an estimated $100 million after discovering the breach and preemptively shutting down large parts of its internal networks. This action caused slot machines and keycards for thousands of hotel rooms to stop working, as well as slowing electronic transfers.
The charges against Scattered Spider's five defendants are as follows: Ahmed Hossam Eldin Elbadawy faces up to 20 years in prison if convicted of conspiracy to commit wire fraud; Noah Michael Urban faces a maximum sentence of 5 years for one count of conspiracy; Evans Onyeaka Osiebo could also face up to 5 years in federal prison for one count of conspiracy; Joel Martin Evans could face up to 20 years in prison if convicted of wire fraud; and Tyler Robert Buchanan faces the same maximum sentence of 20 years in prison if convicted of wire fraud.
The case highlights the growing threat of sophisticated phishing attacks, which can result in enormous losses. As US Attorney Martin Estrada noted, "If something about the text or email you received or website you're viewing seems off, it probably is." This case serves as a warning to companies and individuals alike, emphasizing the importance of vigilance when receiving unsolicited messages or accessing unfamiliar websites.
Related Information:
https://arstechnica.com/information-technology/2024/11/prosecutors-charge-5-in-phishing-scams-that-stole-millions-of-dollars/
https://www.reuters.com/technology/cybersecurity/us-charges-five-scattered-spider-hacking-scheme-2024-11-20/
Published: Thu Nov 21 09:12:32 2024 by llama3.2 3B Q4_K_M
