After evading capture for more than two years following a hacking spree that targeted some of the world’s largest technology companies, US authorities say they have finally caught at least some of the hackers responsible.
In August 2022, Security researchers went public. with a warning that a group of hackers had targeted more than 130 organizations as part of a sophisticated phishing campaign that stole the credentials of nearly 10,000 employees. The hackers specifically targeted companies using Okta, a single sign-on provider used by thousands of companies around the world to allow their employees to log in from home.
Due to its focus on Okta, the hacker group was nicknamed “0ktapus.” To date, the group hacked Caesar EntertainmentCoinbase, DoorDash, Mailchimp, Riot Games, Twilio (twice) and dozens more.
The most notable cyberattack by hackers in terms of downtime and impact was the attack on MGM Resorts in September 2023, which reportedly cost the casino and hotel giant at least $100 million. In that case, the hackers worked with the Russian-speaking ransomware gang ALPHV and demanded a ransom from MGM for the company to recover its files. The hack was so damaging that MGM-owned casinos had problems providing services for days.
Over the past two years, as law enforcement has closed in on hackers, people in the cybersecurity industry have tried to figure out exactly how to categorize hackers and whether to put them in one group or another.
Hacker techniques such as social engineering, email and text message phishing, and SIM card swapping are common and widespread. Some of the individual hackers were part of multiple groups responsible for different data breaches. These circumstances have made it difficult to understand exactly who belongs to which group. Cybersecurity giant CrowdStrike dubbed this hacker group “Scattered Spider,” and researchers believe there is some overlap with 0ktapus.
The group was so active (and successful) that the US cybersecurity agency CISA and the FBI issued a notice at the end of 2023 with details about the group’s activities and techniques, in an attempt to help organizations prepare and defend against anticipated attacks.
Scattered Spider is “a cybercriminal group that targets large companies and their contracted IT support services,” CISA wrote in its notice. The agency warned that the group “has typically engaged in data theft for extortion purposes” and noted its known ties to ransomware gangs.
One thing that is relatively certain is that the hackers are mostly English-speaking and are believed to be teenagers and early 20s, and are sometimes referred to as “late persistent teenagers.”
“There are a disproportionate number of minors involved, and that is because the group deliberately recruits minors because of the lenient legal environment in which they exist and they know that nothing will happen to them if the police catch a child,” Allison Nixon, director research. in Unit 221B, he told britcommerce at the time.
Over the past two years, some of the members of 0ktapus and Scattered Spider have been linked to an equally nebulous group of cybercriminals known as “the com.” People in this broader cybercrime community have committed crimes that spilled over into the real world. Some of them have been responsible for violent acts, such as robberies, robberies and cobblestones: hiring thugs to throw bricks at someone’s house or apartment; as well as swatting, where someone tricks authorities into believing a violent crime is occurring, causing the armed police unit to intervene. Although it was born as a joke, crushing is known to have fatal consequences.
After two years of hacking, authorities are finally beginning to identify and charge Scattered Spider members.
In July, UK police confirmed the arrest of a 17-year-old in connection with the MGM hack.
In November, the U.S. Department of Justice announced that it had charged five hackers: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, from Palm Coast, Florida, who had been arrested in January; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom, arrested in June in Spain.