U.S. authorities have arrested a 19-year-old teenager linked to the infamous Scattered Spider cybercrime gang who’s now charged with breaching a U.S. financial institution and two unnamed telecommunications companies.
Remington Goy Ogletree (also known online as “remi”) breached the three companies’ networks using credentials stolen in text and voice phishing messages targeting their employees.
He also impersonated the victims’ IT support departments in calls designed to pressure the employees into visiting phishing websites where they were asked to enter their usernames and passwords.
The U.S. financial institution allegedly hacked by Ogletree told the FBI that roughly 149 of its employees were targeted in a phishing campaign (between late October 2023 and mid-November 2023) that redirected them to phishing landing pages impersonating the company.
These phishing websites were designed to ask the targeted employees to enter the credentials they used to access the financial institution’s systems.
“A review of screenshots of the phishing messages revealed statements intended to mislead the employees into providing their credentials, including fraudulent messages claiming their ‘employee benefits package [was] updated’ and ‘your employee schedule has been modified’,” the complaint reads.
“Some of the phishing messages told employees that they had ‘an inquiry from HR’ or that their ‘VPN profile was updated’.”
Additionally, between October 2023 and May 2024, Ogletree used his access to the telecoms’ systems to send over 8.6 million phishing text messages to phone numbers across the United States, designed to help steal recipients’ cryptocurrency.
As Trend Micro reported in October 2023, some of these attacks targeted the customers of the legitimate crypto platforms Gemini and KuCoin using the yourgeminiclaims[.]net and kucoinclaims[.]com domains.
In February, while searching his residence in Fort Worth, Texas, the FBI found extensive evidence of Ogletree’s criminal activity on his seized iPhone, including screenshots of phishing texts impersonating a tech company, screenshots of credential-harvesting phishing pages, and screenshots of crypto wallets holding tens of thousands of dollars in cryptocurrency.
During his subsequent interview with the FBI, Ogletree said he knew “people who commit all sorts of crimes” and “key Scattered Spider members,” adding that the hacking group targets business process outsourcing (BPO) companies because “they have less security” than the businesses they work for.
Earlier Scattered Spider arrests
Last month, the U.S. Justice Department arrested and charged five other suspects linked to the cybercrime gang who allegedly stole millions in cryptocurrency using SMS phishing attacks against dozens of targets.
These five suspects face charges of wire fraud, wire fraud conspiracy, and aggravated identity theft, each facing at least 20 years in prison:
- Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, Texas;
- Noah Michael Urban, 20, a.k.a. “Sosa” and “Elijah,” of Palm Coast, Florida;
- Evans Onyeaka Osiebo, 20, of Dallas, Texas;
- Joel Martin Evans, 25, a.k.a. “joeleoli,” of Jacksonville, North Carolina;
- Tyler Robert Buchanan, 22, of the UK.
UK police also arrested a 17-year-old suspect in July, believed to be part of the Scattered Spider hacking collective, who was involved in the 2023 MGM Resorts ransomware attack.
Other high-profile attacks linked to this hacking group include those on Caesars, MailChimp, Twilio, DoorDash, Riot Games, and Reddit.
Since the start of 2023, Scattered Spider has also partnered with several Russian ransomware gangs, including Qilin, BlackCat/AlphV, and RansomHub.
What’s Scattered Spider?
Security vendors also track the financially motivated Scattered Spider cybercrime gang as 0ktapus, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra.
This group of English-speaking threat actors, some as young as 16, has a fluid organizational structure and communicates via the same Telegram channels, Discord servers, and hacker forums to coordinate and orchestrate various attacks.
Some of its members are also believed to be part of “the Com,” another hacking collective previously linked to violent incidents and cyberattacks.
The groups’ loose-knit organization makes it harder for law enforcement to keep track of their criminal activity and attribute specific attacks to a particular gang member.
The FBI says they’re using various tactics to breach corporate networks, including phishing, social engineering, SIM swapping, and multi-factor authentication (MFA) bombing (targeted MFA fatigue).
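Of the tactics listed above, MFA bombing is the one that leaves the clearest trail in an organization’s own authentication logs: a burst of push challenges to one account, several of them denied or timed out, sometimes followed by a single approval. The script below is an added example written for this article, not code from the FBI, from any security vendor, or from the article itself. It assumes a simple `timestamp user= event= ip=` log line format and a constructed set of log lines; the five-minute window and the three-push threshold are assumed tuning values, not published guidance.

```python
"""Flag MFA push-fatigue patterns in authentication logs (added example).

Assumed log format (one event per line, constructed for this example):
    <ISO-8601 UTC timestamp> user=<name> event=push_<sent|approved|denied|timeout> ip=<addr>
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: "alice" receives five pushes in under two minutes,
# rejects or ignores three, then approves one; "bob" is a normal login.
SAMPLE_LOG = """\
2023-11-02T08:14:01Z user=alice event=push_sent ip=203.0.113.9
2023-11-02T08:14:09Z user=alice event=push_denied ip=203.0.113.9
2023-11-02T08:14:20Z user=alice event=push_sent ip=203.0.113.9
2023-11-02T08:14:25Z user=alice event=push_denied ip=203.0.113.9
2023-11-02T08:14:40Z user=alice event=push_sent ip=203.0.113.9
2023-11-02T08:14:55Z user=alice event=push_timeout ip=203.0.113.9
2023-11-02T08:15:03Z user=alice event=push_sent ip=203.0.113.9
2023-11-02T08:15:10Z user=alice event=push_sent ip=203.0.113.9
2023-11-02T08:15:31Z user=alice event=push_approved ip=203.0.113.9
2023-11-02T08:20:00Z user=bob event=push_sent ip=198.51.100.4
2023-11-02T08:20:06Z user=bob event=push_approved ip=198.51.100.4
"""

WINDOW = timedelta(minutes=5)  # assumed tuning value: sliding window length
MAX_PUSHES = 3                 # assumed tuning value: more sends than this is a flood


def parse_line(line):
    """Turn one log line into a dict with a datetime under 'ts'."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ"), **kv}


def detect_push_fatigue(log_text, window=WINDOW, max_pushes=MAX_PUSHES):
    """Return {user: alert} for each user whose push_sent count inside any
    sliding window exceeds max_pushes.

    The alert records how many pushes were denied or timed out and whether an
    approval came after the flood threshold was crossed: that combination is
    the signal that the fatigue attempt may have succeeded.
    """
    events = [parse_line(l) for l in log_text.strip().splitlines() if l.strip()]
    events.sort(key=lambda e: e["ts"])
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    alerts = {}
    for user, evs in by_user.items():
        sends = [e["ts"] for e in evs if e["event"] == "push_sent"]
        start, worst, flood_ts = 0, 0, None
        for end in range(len(sends)):
            # shrink the window from the left until it spans at most `window`
            while sends[end] - sends[start] > window:
                start += 1
            count = end - start + 1
            worst = max(worst, count)
            if count > max_pushes and flood_ts is None:
                flood_ts = sends[end]  # first send that tipped the account over
        if flood_ts is None:
            continue
        alerts[user] = {
            "pushes_in_window": worst,
            "denied_or_timed_out": sum(
                1 for e in evs if e["event"] in ("push_denied", "push_timeout")
            ),
            "approved_after_flood": any(
                e["event"] == "push_approved" and e["ts"] > flood_ts for e in evs
            ),
            "source_ips": sorted({e["ip"] for e in evs}),
        }
    return alerts


if __name__ == "__main__":
    for user, alert in detect_push_fatigue(SAMPLE_LOG).items():
        print(user, alert)
```

Run against the constructed sample, the detector reports only `alice`, with five pushes in the window, three rejections or timeouts, and an approval after the flood. In a real deployment the same logic would run over the identity provider’s push events, and an alert with `approved_after_flood` set is the one to treat as a likely account compromise rather than a user annoyance.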