A British national has pleaded guilty in a US court to conspiracy to hack into the networks of dozens of companies and to stealing millions in cryptocurrency, the Department of Justice announced.
The man, Tyler Robert Buchanan, 24, of Dundee, Scotland, was arrested in June 2024 in Spain and was charged in the US in November 2024 for his role in the financially motivated hacking group Scattered Spider.
Buchanan admitted to conducting SMS phishing attacks, bombarding a victim company’s employees with hundreds of messages linking to phishing sites designed to harvest credentials and personally identifiable information (PII).
Using the stolen information, Buchanan and his co-conspirators accessed the employees’ accounts and the victim company’s systems, stealing sensitive information such as intellectual property, PII, credentials, and confidential documents.
They used a phishing kit to capture the employees’ credentials and send them to a Telegram channel that Buchanan and a co-conspirator managed.
Buchanan also admitted to using the stolen information to identify virtual currency accounts and wallets of numerous individuals. He and his co-conspirators stole at least $8 million in cryptocurrency from victims in the US.
To access the wallets and bypass multi-factor authentication (MFA), the conspirators relied on SIM swapping, which involves reassigning the victim’s phone number to a SIM card under the attackers’ control.
This allowed the hackers to intercept two-factor authentication codes and access the victims’ accounts.
In April 2023, law enforcement found at Buchanan’s Scotland residence a device containing the names and addresses of multiple victims, as well as a file containing cryptocurrency seed phrases and login information for a victim account.
Buchanan is scheduled for sentencing on August 21. In August last year, his co-conspirator Noah Michael Urban was sentenced to 10 years in prison for his role in the Scattered Spider group.
Three other individuals were charged in the case: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Evans Onyeaka Osiebo, 20, of Dallas, Texas; and Joel Martin Evans, 25, of Jacksonville, North Carolina.
Also known as Muddled Libra, Scatter Swine, Starfraud, and UNC3944, Scattered Spider made headlines several times over the past years for high-profile cyber intrusions such as the hospitality and entertainment giant MGM Resorts and last year’s attacks against retailers in the UK and the US.
Related: Another DraftKings Hacker Sentenced to Prison
Related: Two North Korean IT Worker Scheme Facilitators Jailed in the US
Related: Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
Related: 53 DDoS Domains Taken Down by Law Enforcement
