Federal authorities have indicted four suspects and filed a criminal complaint against a fifth individual allegedly connected to major corporate hackings, potentially linked to the notorious "Scattered Spider" group.

The suspects are believed to be associated with data theft from approximately dozen companies and the stealing of $11M in cryptocurrency from 29 victims. While Scattered Spider was responsible for the 2023 MGM Resorts and Caesars Entertainment attacks, the direct involvement of these suspects in those specific incidents remains unclear.

The indicted suspects are:

• Ahmed Hossam Eldin Elbadawy, 23, from Texas
• Noah Michael Urban, 20, from Florida
• Evans Onyeaka Osiebo, 20, from Texas
• Joel Martin Evans, 25, from North Carolina

Additionally, Tyler Robert Buchanan, 22, from the UK, faces a criminal complaint.

Their alleged scheme, operating between September 2021 and April 2023, involved sophisticated phishing attacks using SMS messages to target company employees. The messages, appearing to be from legitimate sources, prompted employees to visit fake websites and submit confidential information, leading to unauthorized access to corporate systems.

The defendants face:

• Up to 20 years for conspiracy to commit wire fraud
• Up to 5 years for conspiracy
• Mandatory 2-year sentence for aggravated identity theft
• Additional 20-year maximum for wire fraud (Buchanan only)

The stolen data included intellectual property, access credentials, and personal information of hundreds of thousands of individuals. The investigation revealed possible collaboration between Scattered Spider and the Black Cat/ALPHV ransomware group in some attacks.

Related Articles

Previous Articles