U.S. authorities have arrested a 19-year-old teenager linked to the infamous Scattered Spider cybercrime gang who’s now charged with breaching a U.S. financial institution and two unnamed telecommunications companies.
Remington Goy Ogletree (also known online as “remi”) breached the three companies’ networks using credentials stolen in text and voice phishing messages targeting their employees.
He also impersonated the victims’ IT support departments in calls designed to pressure the employees into accessing phishing sites where they were asked to enter their user names and passwords.
The U.S. financial institution allegedly hacked by Ogletree told the FBI that roughly 149 of its employees were targeted in a phishing campaign (between late October 2023 and mid-November 2023) that redirected them to phishing landing pages impersonating the company.
These phishing websites were designed to ask the targeted employees to enter credentials they used to access the financial institution’s systems.
“A review of screenshots of the phishing messages revealed statements meant to mislead the employees into providing their credentials, including fraudulent messages claiming their ‘employee benefits package [was] updated’ and ‘your employee schedule has been modified’,” the complaint reads.
“Some of the phishing messages told employees that they had ‘an inquiry from HR’ or that their ‘VPN profile was updated’.”
Additionally, between October 2023 and May 2024, Ogletree used his access to the telecoms’ systems to send over 8.6 million phishing text messages to phone numbers across the United States designed to help steal recipients’ cryptocurrency.

As Trend Micro reported in October 2023, some of these attacks targeted the customers of legitimate crypto platforms Gemini and KuCoin using the yourgeminiclaims[.]net and kucoinclaims[.]com domains.

In February, while searching his residence in Fort Worth, Texas, the FBI found extensive evidence of Ogletree’s criminal activity on his seized iPhone, including screenshots of phishing texts impersonating a tech company, screenshots of credential harvesting phishing pages, and screenshots of crypto wallets with tens of thousands of dollars in cryptocurrency.
During his subsequent interview with the FBI, Ogletree said he knew “people who commit all types of crimes” and “key Scattered Spider members,” adding that the hacking group targets business process outsourcing (BPO) companies because “they have less security” than the companies they work for.
Earlier Scattered Spider arrests
Last month, the U.S. Justice Department arrested and charged five other suspects linked to the cybercrime gang who allegedly stole tens of millions in cryptocurrency using SMS phishing attacks against dozens of targets.
These five suspects face charges of wire fraud, wire fraud conspiracy, and aggravated identity theft, each facing at least 20 years in prison:
- Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, Texas;
- Noah Michael Urban, 20, a.k.a. “Sosa” and “Elijah,” of Palm Coast, Florida;
- Evans Onyeaka Osiebo, 20, of Dallas, Texas;
- Joel Martin Evans, 25, a.k.a. “joeleoli,” of Jacksonville, North Carolina;
- Tyler Robert Buchanan, 22, of the UK.
UK police also arrested a 17-year-old suspect in July, believed to be part of the Scattered Spider hacking collective, who was involved in the 2023 MGM Resorts ransomware attack.
Other high-profile attacks linked to this hacking group include those on Caesars, MailChimp, Twilio, DoorDash, Riot Games, and Reddit.
Since the start of 2023, Scattered Spider has also partnered with several Russian ransomware gangs, including Qilin, BlackCat/AlphV, and RansomHub.
What is Scattered Spider?
Security vendors also track the financially motivated Scattered Spider cybercrime gang as 0ktapus, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra.
This group of English-speaking threat actors, some as young as 16, has a fluid organizational structure and communicates via the same Telegram channels, Discord servers, and hacker forums to coordinate and orchestrate various attacks.
Some of its members are also believed to be part of “the Com,” another hacking collective previously linked to violent incidents and cyberattacks.
The group’s loose-knit organization makes it harder for law enforcement to keep track of its criminal activity and attribute specific attacks to a specific gang member.
The FBI says they’re using various tactics to breach corporate networks, including phishing, social engineering, SIM swapping, and multi-factor authentication (MFA) bombing (targeted MFA fatigue).