Federal authorities have unveiled criminal charges against 5 individuals accused of directing a sophisticated phishing scheme targeting employees of companies across the United States.
The defendants allegedly used stolen credentials to access corporate systems, steal sensitive data, and hack cryptocurrency accounts, resulting in millions of dollars in losses.
The accused individuals are:-
- Ahmed Hossam Eldin Elbadawy, 23, from Texas
- Noah Michael Urban, 20, from Florida
- Evans Onyeaka Osiebo, 20, from Texas
- Joel Martin Evans, 25, from North Carolina
- Tyler Robert Buchanan, 22, from the United Kingdom
According to court documents, the group conducted their operations between September 2021 and April 2023. They sent mass SMS phishing messages to employees of various companies, posing as legitimate business service providers.
The Federal Authorities discovered that these messages contained warnings about account deactivation and directed recipients to fraudulent websites designed to capture login credentials.
Maximizing Cybersecurity ROI: Expert Tips for SME & MSP Leaders – Attend Free Webinar
Once the group obtained employee credentials, they used them to gain unauthorized access to corporate systems.
This allowed them to steal intellectual property, personal identifiers, and other confidential information. The stolen data was then used to break into cryptocurrency accounts, resulting in the theft of millions of dollars.
U.S. Attorney Martin Estrada emphasized the sophistication of the scheme, stating:-
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals.”
The FBI has been actively involved in the investigation. Akil Davis, Assistant Director in Charge of the FBI’s Los Angeles field office, commented on the case, saying:-
“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts.”
Law enforcement actions against the group have been ongoing. Joel Martin Evans was arrested by the FBI in North Carolina and appeared in court on Tuesday.
Noah Michael Urban, already facing separate federal wire fraud and aggravated identity theft charges, has pleaded not guilty in a separate case. Tyler Robert Buchanan was arrested in June by Spanish police for his alleged involvement in computer attacks on 45 U.S. companies.
If convicted, the defendants face severe penalties, including up to 20 years in prison for wire fraud charges. The FBI, in collaboration with international law enforcement agencies, continues to investigate this case.
As these sophisticated phishing schemes become more prevalent, individuals and companies must remain alert to potential threats and implement robust security measures to safeguard their data and assets.
Are you from SOC/DFIR Teams? – Analyse Malware Files & Links with ANY.RUN -> Try for Free