A British individual has confessed to a US court about his involvement in a vast hacking scheme targeting numerous companies, leading to the theft of millions in digital currency, as revealed by the Department of Justice.
Details of the Cybercrime
Tyler Robert Buchanan, aged 24, from Dundee, Scotland, was detained in Spain in June 2024 and later indicted in November 2024 in the United States for his participation in the cybercriminal group known as Scattered Spider.
Buchanan acknowledged executing SMS phishing campaigns aimed at a company’s workforce, inundating them with messages that directed to fraudulent sites designed to collect login credentials and personal data.
Methodology and Execution
By exploiting the obtained information, Buchanan and his associates infiltrated employee accounts and corporate systems, acquiring sensitive data such as intellectual property, personal identifiers, account credentials, and confidential files.
The group utilized a phishing toolkit to gather employee credentials, which were then transmitted to a Telegram channel managed by Buchanan and an accomplice.
Additionally, Buchanan admitted to leveraging the stolen data to locate and infiltrate virtual currency accounts, resulting in the theft of at least $8 million in cryptocurrency from US-based victims.
Techniques Employed
To gain access to cryptocurrency wallets and circumvent multi-factor authentication (MFA), the conspirators employed SIM swapping, a method of transferring a victim’s phone number to a SIM card controlled by the hackers.
This technique enabled the interception of two-factor authentication codes, granting the hackers access to the victims’ accounts.
In April 2023, authorities discovered at Buchanan’s residence in Scotland a device containing victim names, addresses, and a file with cryptocurrency seed phrases and login details.
Legal Proceedings and Future Implications
Buchanan’s sentencing is set for August 21. His accomplice, Noah Michael Urban, received a 10-year prison sentence last August for his involvement with Scattered Spider.
Additional charges have been filed against Ahmed Hossam Eldin Elbadawy, 23, from Texas; Evans Onyeaka Osiebo, 20, from Texas; and Joel Martin Evans, 25, from North Carolina.
Known by various aliases such as Muddled Libra, Scatter Swine, Starfraud, and UNC3944, Scattered Spider has repeatedly made headlines for significant cyber intrusions, including those targeting MGM Resorts and several retailers in the UK and US.
