U.S. Government Charges Five Individuals in Multi-Year Hacking Spree
Investigation Reveals Sophisticated Scheme to Steal Intellectual Property and Personal Information
The U.S. government has announced charges against five individuals accused of carrying out a multi-year hacking spree targeting tech giants and cryptocurrency owners, which security researchers have dubbed "0ktapus." The alleged hackers used sophisticated techniques, including phishing text messages and SIM swapping attacks, to steal credentials and break into company systems.
The Accused Hackers
The five accused hackers are:
- Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas
- Noah Michael Urban, 20, of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans, 25, of Jacksonville, North Carolina
- Tyler Robert Buchanan, 22, from the United Kingdom (arrested in Spain earlier this year)
The U.S. Department of Justice has published a press release announcing the charges against the five alleged hackers.
The Hacking Scheme
According to the court documents, the hackers targeted employees at American companies with phishing text messages, aiming to steal their credentials. They then used these stolen credentials to break into company systems and steal sensitive data, as well as cryptocurrency worth millions of dollars.
The indictment mentions that the hackers stole $6.3 million in cryptocurrency from a single unnamed victim. The U.S. Attorney Martin Estrada stated, "We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals."
Links to 0ktapus Group
Security researchers have previously linked the alleged hackers to a prolific hacking group called "0ktapus," known for their use of spoofing Okta login portals used by tech giants. The group was involved in a months-long hacking campaign in 2022, targeting companies like Twilio, Coinbase, and DoorDash.
In 2023, the group again targeted game makers, including Riot Games. Ciaran McEvoy, a spokesperson for the DOJ, confirmed to TechCrunch that the five hackers are suspected of being part of the group known as Scattered Spider.
Investigation Reveals Extensive Network
According to one of the court documents, which cites the FBI’s investigation, Buchanan and the other hackers targeted at least 45 companies in Canada, the U.S., the U.K., and other countries. Urban is accused of stealing more than $800,000 in Bitcoin and Ethereum from several victims.
One of the documents also mentions an ‘unindicted co-conspirator,’ and ‘other co-conspirators,’ suggesting there’s more suspects that have yet to be publicly accused of crimes.
The "Com" Network
The hackers are said to be part of a wider cybercriminal community referred to by researchers as "the Com," a largely nebulous network of mostly young adults and teenagers. This group is known for using sophisticated techniques, including phishing and SIM swapping attacks, to steal sensitive information.
The investigation has revealed that the alleged hackers were part of a larger network, with Buchanan and the other hackers targeting at least 45 companies across multiple countries. The extent of this network and its connections to other hacking groups remains unclear.
Charges and Investigation
The U.S. government has announced charges against five individuals accused of carrying out a multi-year hacking spree targeting tech giants and cryptocurrency owners.
The investigation has revealed that the alleged hackers used sophisticated techniques, including phishing text messages and SIM swapping attacks, to steal credentials and break into company systems.
The extent of this network and its connections to other hacking groups remains unclear.