US Arrests Scattered Spider Suspect Linked to Telecom Hacks
Summary:
U.S. authorities have arrested 19-year-old Remington Goy Ogletree, a key member of the Scattered Spider cybercrime gang, for breaching a U.S. financial institution and two telecommunications firms. Known online as "remi," Ogletree gained unauthorized access to these companies by using credentials stolen through phishing campaigns targeting their employees. He impersonated IT support staff in voice and text messages, pressuring employees to visit phishing sites and enter their usernames and passwords.
Between late October and mid-November 2023, Ogletree orchestrated a phishing campaign against 149 employees of the financial institution. Using fraudulent messages claiming updates to employee benefits or schedules, he redirected victims to fake websites designed to harvest credentials. The telecommunications firms’ systems were exploited from October 2023 to May 2024 to send over 8.6 million phishing texts to U.S. phone numbers, often targeting cryptocurrency platforms like Gemini and KuCoin with fake domains. These attacks sought to steal victims' cryptocurrency holdings.
An FBI search of Ogletree’s residence in Fort Worth, Texas, uncovered extensive evidence of his criminal activities on his iPhone, including screenshots of phishing messages, credential-harvesting websites, and crypto wallets containing tens of thousands of dollars. During an interview, Ogletree admitted to collaborating with other Scattered Spider members and focusing on business process outsourcing companies, citing their weaker security compared to the larger organizations they serve.
Analyst Comments:
Scattered Spider, also tracked as UNC3944, 0ktapus, and Muddled Libra, is a financially motivated cybercrime group known for its fluid, loosely knit structure. The group consists of English-speaking members, some as young as 16, who coordinate via Telegram, Discord, and hacker forums. Their tactics include phishing, social engineering, SIM swapping, and multi-factor authentication fatigue attacks, making it challenging for law enforcement to attribute specific crimes to individual members. Scattered Spider has been linked to numerous high-profile breaches. They are also known to collaborate with Russian ransomware groups such as Qilin, BlackCat/AlphV, and RansomHub. Their attacks often leverage innovative social engineering techniques and exploit vulnerabilities in corporate security practices.
This arrest follows a broader crackdown on Scattered Spider, with the U.S. Department of Justice recently charging five other members for phishing campaigns that stole millions in cryptocurrency. Additionally, UK authorities arrested a 17-year-old member in connection with the 2023 MGM Resorts ransomware attack.
Link(s):
https://www.bleepingcomputer.com/ne...tered-spider-suspect-linked-to-telecom-hacks/