Key Takeaways
Four suspects have been indicted and a fifth was the subject of a criminal complaint after federal authorities investigated high-profile against many large companies and individuals.
US Attorney for the Central District of California Martin Estrada, pictured above, announced charges against alleged hackers. (Image: LinkedIn)Each of the five individuals is reportedly linked to the infamous group of hackers called “,” which was blamed for the 2023 hacking of , , and perhaps as many as 100 other companies.
The hacking connected to the five suspects led to data theft at about a dozen unspecified entities, according to Las Vegas TV station KLAS. Approximately $11M worth of cryptocurrency was stolen from an estimated 29 victims as well, the report added.
Whether the five suspects were connected to the hacking of MGM or Caesars is unclear, according to Reuters.
An MGM source told Reuters this week the five didn’t appear to be involved in the attack against the casino company. Federal authorities didn’t provide specifics on cases involving the five. Caesars didn’t provide a comment.
Infosecurity Magazine also reported that Scattered Spider sometimes collaborated in hacks with the Black Cat/ALPHV ransomware group.
During the 2023 hackings, Caesars reportedly paid $15M in ransom to hackers, but MGM wouldn’t pay, the Wall Street Journal reported. The incidents eventually cost MGM $100M in lost profits, according to news reports.
Identities of DefendantsOn Wednesday, the US Attorney’s Office for the Central District of California revealed the names of the five suspects and their charges after a federal grand jury reviewed the evidence against them.
They were identified as:
Ahmed Hossam Eldin Elbadawy, 23, a.k.a. “AD,” of College Station, TexasNoah Michael Urban, 20, a.k.a. “Sosa” and “Elijah,” of Palm Coast, Fla.Evans Onyeaka Osiebo, 20, of Dallas, TexasJoel Martin Evans, 25, a.k.a. “joeleoli,” of Jacksonville, NC.Each was charged with conspiracy to commit wire fraud, conspiracy, and aggravated identity theft.
A criminal complaint was also lodged against Tyler Robert Buchanan, 22, of the United Kingdom, charging him with conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft.
We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” Martin Estrada, US Attorney for the Central District of California, said in a statement announcing the arrests.
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” added Akil Davis, the assistant director of the Los Angeles field office.
Phishing AttacksProsecutors said that between September 2021 and April 2023, the five defendants allegedly took part in sophisticated phishing attacks.
Short message service (SMS) text messages were sent to cellphones used by employees who worked at targeted companies, prosecutors said. The fake messages appeared to be from the company or a service provider to the company.
Typically, the messages claimed employee accounts were to be deactivated. The messages told the employees to visit websites that asked them for confidential information, such as login credentials. Once the hackers got the credentials, they were able to access the accounts of the employees’ companies.
The hackers allegedly stole confidential information related to intellectual property, as well as access credentials, names, email addresses, and telephone numbers.
Potential Prison TimeIf convicted, each defendant faces a maximum of 20 years in prison for conspiracy to commit wire fraud, up to five years for conspiracy, and a mandatory two-year prison sentence for aggravated identity theft.
Buchanan could also face up to 20 years in prison for the wire fraud count, if he’s convicted of that charge.
hiennhi.com
