"Scottish millionaire" from Scattered Spider detained by Spanish police

Tomcat
The active involvement of the FBI helped justice catch up with the young cybercriminal.

Spanish police have detained a key member of the well-known cybercrime group Scattered Spider. The detainee, a 22-year-old British national, was arrested this week in the Spanish city of Palma de Mallorca while trying to board a flight to Italy. The operation was the result of a joint effort between the US FBI and the Spanish police.

The man is accused of hacking corporate accounts, which allowed the attackers to illegally obtain millions of dollars. It is reported that the suspect at one point controlled bitcoins worth $27 million.

The detainee is linked to several major ransomware attacks carried out by Scattered Spider. The vx-underground research collective confirmed that the detainee is a SIM swapper who operated under the pseudonym "Tyler".

SIM swapping is an attack in which criminals persuade a telecom operator to port the victim's phone number to a SIM card they control, in order to intercept SMS messages (including one-time verification codes) and gain access to the victim's online accounts. According to journalist Brian Krebs, the detainee is 22-year-old Scot Tyler Buchanan, known by the nickname "tylerb" in Telegram channels dedicated to SIM swapping.

Tyler is the second arrested member of the Scattered Spider group, after Noah Michael Urban, who was charged in February with wire fraud and identity theft in connection with the theft of $800,000 from five victims.

Scattered Spider, also known as 0ktapus, Octo Tempest, and UNC3944, is a financially motivated group that relies on social engineering to gain access to organizations. Members of the group are believed to belong to a broader cybercrime community known as The Com.

Initially focused on credential theft and SIM swapping, the group has moved on to data extortion, including attacks that deploy no ransomware at all and instead aim to steal data from software-as-a-service (SaaS) applications.

According to Mandiant, members of Scattered Spider actively used intimidation tactics to obtain victim credentials, including threats to disclose personal information, physical violence, and the distribution of incriminating materials.

Earlier, FBI representatives suggested that the group consists mainly of young people, including teenagers. It is quite possible that their youth, and a certain degree of maximalism, explain why the attackers resort to such harsh methods.

The activity of Scattered Spider overlaps with that of another group, tracked by Palo Alto Networks Unit 42 under the name Muddled Libra, which is also engaged in data theft from SaaS applications. However, experts emphasize that the two are not the same group.

Scattered Spider is known for using phishing kits to steal Okta credentials, which makes it harder to identify the culprits. The group has also abused Okta access rights to extend an intrusion from the identity provider into connected cloud and SaaS applications.

The group's attacks are characterized by the use of legitimate cloud data-synchronization utilities, such as Airbyte and Fivetran, to export data to attacker-controlled storage, and by the creation of new virtual machines to establish persistent access and evade security controls.

As part of its attacks, Scattered Spider has also used the victim's own endpoint detection and response (EDR) tooling to execute commands and test its access to the environment.
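The three preceding paragraphs describe a chain that detection engineers can correlate: an Okta credential or MFA-factor takeover, followed by a sign-in from an unfamiliar address, followed by persistence (a new VM), staging (a sync-tool token) or living-off-the-land command execution through EDR. The script below is an added example written for this post, not code from the article, the researchers cited, or any vendor. The pipe-delimited event format, the event-type names (`mfa.factor.reset`, `session.start`, `vm.create`, `oauth.token.create`, `edr.live_response.start`), the per-user known-IP baseline and the sample events are all constructed for illustration; real Okta, cloud-provider and EDR logs would need to be normalized into this shape first.

```python
"""Correlate identity, cloud and EDR audit events for Scattered Spider-style TTPs.

Added example, not from the article. The schema (ts | actor | type | ip) and the
event-type names are hypothetical; map real vendor logs onto them before use.
"""
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=60)  # how long a suspect session taints later events

MFA_CHANGE = {"mfa.factor.reset", "mfa.factor.enroll"}       # factor takeover
PERSIST_OR_STAGE = {"vm.create", "oauth.token.create"}       # new VM / sync-tool token
EDR_SHELL = {"edr.live_response.start"}                      # command execution via EDR


def parse_event(line):
    """Parse one constructed log line: 'ISO-timestamp | actor | event-type | ip'."""
    ts, actor, etype, ip = [f.strip() for f in line.split("|")]
    return {"ts": datetime.fromisoformat(ts), "actor": actor, "type": etype, "ip": ip}


def detect(lines, known_ips):
    """Return (actor, rule) alerts, in event order.

    R1: MFA factor reset/enroll followed within WINDOW by a session from an IP not
        in the actor's baseline (phished credentials plus attacker-enrolled factor).
    R2: A VM or OAuth/sync token is created by an actor whose most recent
        unknown-IP session is within WINDOW (persistence / exfiltration staging).
    R3: An EDR live-response session is started by such an actor (command execution
        through the victim's own security tooling).
    """
    events = sorted((parse_event(l) for l in lines), key=lambda e: e["ts"])
    alerts = []
    last_mfa = {}       # actor -> time of last MFA factor change
    suspect_since = {}  # actor -> time of last session from an unknown IP
    for e in events:
        actor, t = e["actor"], e["ts"]
        if e["type"] in MFA_CHANGE:
            last_mfa[actor] = t
        elif e["type"] == "session.start":
            if e["ip"] not in known_ips.get(actor, set()):
                suspect_since[actor] = t
                if actor in last_mfa and t - last_mfa[actor] <= WINDOW:
                    alerts.append((actor, "R1 mfa_change_then_unknown_ip_session"))
        elif e["type"] in PERSIST_OR_STAGE:
            if actor in suspect_since and t - suspect_since[actor] <= WINDOW:
                alerts.append((actor, f"R2 {e['type']}_after_suspect_session"))
        elif e["type"] in EDR_SHELL:
            if actor in suspect_since and t - suspect_since[actor] <= WINDOW:
                alerts.append((actor, "R3 edr_live_response_after_suspect_session"))
    return alerts


# Constructed sample: alice is taken over, bob is a benign admin building a VM.
SAMPLE_EVENTS = [
    "2024-06-10T09:00:00 | alice | session.start | 203.0.113.5",
    "2024-06-10T09:05:00 | alice | mfa.factor.reset | 203.0.113.5",
    "2024-06-10T09:07:00 | alice | mfa.factor.enroll | 198.51.100.7",
    "2024-06-10T09:09:00 | alice | session.start | 198.51.100.7",
    "2024-06-10T09:20:00 | alice | oauth.token.create | 198.51.100.7",
    "2024-06-10T09:40:00 | alice | vm.create | 198.51.100.7",
    "2024-06-10T09:45:00 | alice | edr.live_response.start | 198.51.100.7",
    "2024-06-10T10:00:00 | bob | session.start | 203.0.113.9",
    "2024-06-10T10:10:00 | bob | vm.create | 203.0.113.9",
]
KNOWN_IPS = {"alice": {"203.0.113.5"}, "bob": {"203.0.113.9"}}

if __name__ == "__main__":
    for actor, rule in detect(SAMPLE_EVENTS, KNOWN_IPS):
        print(actor, rule)
```

Run as-is it prints four alerts for alice (R1, two R2 hits and R3) and nothing for bob, whose VM creation comes from a baseline address with no preceding factor change. The point of tying R2 and R3 to a prior suspect session, rather than alerting on every VM or token creation, is to keep routine administration quiet while still catching the sequence described above; in production the baseline would come from historical sign-in data rather than a hard-coded dictionary.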