
US Charges Five Accused in Multi-Year Hacking Spree Targeting Tech and Crypto Giants

Breaking News: U.S. Government Charges Five Individuals in Multi-Year Hacking Spree

On Wednesday, the U.S. Department of Justice (DOJ) published a press release announcing charges against five individuals accused of carrying out a multi-year hacking spree targeting tech giants and cryptocurrency owners. The alleged hackers have been linked to a prolific hacking group called 0ktapus, known for its sophisticated attacks on large companies.

The Accused Hackers

The five accused hackers are:

  1. Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas
  2. Noah Michael Urban, 20, of Palm Coast, Florida
  3. Evans Onyeaka Osiebo, 20, of Dallas, Texas
  4. Joel Martin Evans, 25, of Jacksonville, North Carolina
  5. Tyler Robert Buchanan, 22, from the United Kingdom, who was arrested in Spain earlier this year

The Hacking Scheme

According to the DOJ press release, the five accused hackers targeted employees at American companies with phishing text messages, aiming to steal their credentials. They then used these stolen credentials to break into company systems and steal sensitive data, including cryptocurrency worth millions of dollars.

Victims of the Hacking Spree

The court documents published on Wednesday mention several U.S.-based organizations that were targeted by the hackers, including:

  • Entertainment companies
  • Virtual currency providers
  • Cloud communication platforms
  • Telecommunication services

One of the victims allegedly lost $6.3 million in cryptocurrency to the hackers.

U.S. Attorney Martin Estrada’s Statement

"We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals," said U.S. Attorney Martin Estrada.

Previous Connections to 0ktapus and Scattered Spider

Security researchers have previously linked the alleged hackers to the prolific hacking group 0ktapus, known for spoofing the Okta login portals used by tech giants. In 2022 and 2023, the group targeted hundreds of companies, including Twilio, Coinbase, and DoorDash.

The DOJ confirmed that the five hackers are suspected of being part of the Scattered Spider group, a loosely organized, financially motivated cybercriminal gang.

Alleged Motivations and Tactics

According to one of the court documents, the hackers used fake websites of Okta, a popular secure authentication provider, to trick employees into handing over their corporate passwords. The document also mentions an "unindicted co-conspirator" and "other co-conspirators," suggesting there may be additional suspects yet to be publicly accused.

The Role of 0ktapus and Scattered Spider

The hackers are said to be part of a wider cybercriminal community referred to by researchers as "the Com," a largely nebulous network of mostly young adults and teenagers who are highly proficient in impersonation and social engineering techniques. The Com is known for its sophisticated attacks on large companies.

The Impact of the Hacking Spree

The multi-year hacking spree has resulted in significant losses for several U.S.-based organizations, with one victim losing $6.3 million in cryptocurrency alone. The DOJ’s announcement brings hope to victims and raises concerns about the ongoing threat posed by cybercrime groups like 0ktapus and Scattered Spider.

What’s Next?

The investigation is ongoing, and the five accused hackers face significant charges for their alleged involvement in the multi-year hacking spree. As the case unfolds, it will be interesting to see how the DOJ addresses the complexities of cybercrime and the role of groups like 0ktapus and Scattered Spider.
