Former US Army member confesses to Telecom hack and extortion conspiracy
Former US Army member confesses to Telecom hack and extortion conspiracy
July 16, 2025
A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info.
A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases, steal sensitive records, and extort victims by threatening to release stolen data unless ransoms were paid.
“A former Army soldier, who was most recently stationed in Texas, pleaded guilty today to conspiring to hack into telecommunications companies’ databases, access sensitive records, and extort the telecommunications companies by threatening to release the stolen data unless ransoms were paid.” reads the press release published by DoJ.
Between April 2023 and December 2024, while on active duty, Wagenius used the alias “kiberphant0m” and hacking tools like SSH Brute to access at least 10 organizations’ networks. The group shared stolen credentials via Telegram and sold data on cybercrime forums, extorting over $1 million and using data for additional frauds such as SIM-swapping.
“After data was stolen, the conspirators extorted the victim organizations both privately and in public forums. The extortion attempts included threats to post the stolen data on cybercrime forums such as BreachForums and XSS.is. The conspirators offered to sell stolen data for thousands of dollars via posts on these forums.” continues the press release. “They successfully sold at least some of this stolen data and also used stolen data to perpetuate other frauds, including SIM-swapping. In total, Wagenius and his co-conspirators attempted to extort at least $1 million from victim data owners.”
On December 20, 2024, US authorities arrested Wagenius, a US Army soldier, suspected of involvement in leaking presidential call logs.
The soldier was arrested in Fort Hood, Texas, he is suspected to be the hacker who used the moniker ‘Kiberphant0m’ leaked and sold call records stolen from AT&T and Verizon.
At the time, the man was charged with two counts of unlawful transfer of confidential phone records information.
The journalist Brian Krebs first linked Wagenius to hacks involving top U.S. officials’ call records. A sparse indictment offers no details on allegations, but Krebs linked U.S. Army soldier Cameron Wagenius, allegedly “Kiberphant0m,” to hacking telecoms like AT&T and Verizon, leaks of government call logs, and ties to Canadian hacker “Judische.” His mother, unaware of his hacking, said Wagenius worked in Army network communications in South Korea and had always aspired to serve. The case emerged after threats, data leaks, and SIM-swap offers linked to Kiberphant0m surfaced online.
After Moucka‘s arrest, Kiberphant0m leaked alleged call logs for Trump and Harris, NSA data, Verizon call logs, and offered a SIM-swapping service on BreachForums.
“The sparse, two-page indictment (PDF) doesn’t reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius’ mother — Minnesota native Alicia Roen — filled in the gaps.” Krebs wrote.
“Roen said that prior to her son’s arrest he’d acknowledged being associated with Connor Riley Moucka, a.k.a. “Judische,” a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake.
In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he’d stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.”
Kiberphant0m claimed on Telegram to have hacked 15 telecom firms, including AT&T and Verizon.
Wagenius pleaded guilty to conspiracy to commit wire fraud, extortion related to computer fraud, and aggravated identity theft. He faces up to 20 years for wire fraud, five years for extortion, and a mandatory two-year sentence for identity theft. Sentencing is scheduled for October 6.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, US Army)
