U.S. prosecutors announced criminal charges on Wednesday against five individuals allegedly connected to Scattered Spider. The accused utilized phishing schemes to target employees of prominent corporations, according to the U.S. Attorney’s Office in Los Angeles, cited by Reuters.
The individuals, all in their teens or early ‘20s at the time of their activities, sent fake but convincing mass text messages to employees’ mobile devices, warning of account deactivation. These messages directed victims to malicious links designed to capture login credentials.
With this stolen information, the group allegedly infiltrated their employers’ systems and accessed cryptocurrency accounts to siphon millions of dollars.
The victims include at least 12 prominent companies spanning industries such as gaming, telecommunications, outsourcing, and cryptocurrency, alongside hundreds of thousands of individual cryptocurrency investors.
While no specific victims have been identified, the scope of the hacking underlines the sophisticated, bold nature of Scattered Spider’s operations.
Allison Nixon, Chief Research Officer at cybersecurity firm Unit 221B, lauded the recent crackdown, stating, “The days of easy money and no consequences are over. Defenders and law enforcement are responding aggressively to this wave of cybercrime. Young people involved in online crime need to disengage before they become the next targets.”
Historically, industry professionals have criticized the perceived lack of enforcement against Scattered Spider despite the public identification of some members, many of whom allegedly reside in Western nations.
A teenager connected to the group was arrested in the U.K. in July, and a 22-year-old individual from the U.K. who is believed to be the mastermind behind Scattered Spider was apprehended in Spain in June.
The global Scattered Spider cybercrime group is a notorious collective of hackers responsible for breaching dozens of U.S. companies and is accused of stealing sensitive information and millions in cryptocurrency.
Experts describe Scattered Spider as a loosely connected group of individuals, often young people, who collaborate sporadically on specific cybercrime campaigns. The group has earned a reputation for its aggressive approach to cybercrime, targeting large multinational corporations and individual cryptocurrency holders alike.