The US has indicted five people accused of years of hacking targeting tech and crypto giants

The US government has announced indictments against five people accused of years of hacking targeting tech giants and cryptocurrency owners, which security researchers call 0ktapus.

On Wednesday, the US Department of Justice published a press release announcing charges against five robbery suspects: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom, who was arrested in Spain earlier this year.

The press release states that the five accused hackers targeted employees at American companies with phishing messages in order to steal their credentials, which they used to hack and steal company data, as well as millions of dollars worth of cryptocurrency. Hackers allegedly used SIM swapping attacks to steal employees’ phone numbers and obtain their passwords by using password reset features.

Victims named in court documents published Wednesday include US-based companies that provide entertainment products, virtual currency, cloud computing, and communication services. The hackers allegedly stole $6.3 million in cryptocurrency from one unnamed victim, the lawsuit said.

“We suspect that this group of cybercriminals carried out a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal the personal information of hundreds of thousands of people,” said US Attorney Martin Estrada, as quoted in the statement. .

As part of the announcement, the DOJ released three court documents related to the case.

Security researchers have linked the alleged hackers to a powerful hacking group called 0ktapus, through their use of hacking Okta portals used by tech giants. Hackers targeted hundreds of companies in a months-long hacking campaign in 2022, including Twilio, Coinbase, and Doordash, and in 2023 targeting game makers, including Riot Games.

These hackers are later believed to be involved in other cyber attacks under the Scattered Spider group. Ciaran McEnvoy, DOJ spokesperson, confirmed to TechCrunch that the five hackers are suspected to be part of a group known as Scattered Spider.

In one of the court documents, prosecutors described the cyber gang as a “loosely organized group of cybercriminals whose members primarily target large corporations and contract telecommunications, information technology, and business software outsourcing providers.”

According to one of the court documents, citing an FBI investigation, Buchanan and other criminals targeted at least 45 companies in Canada, the US, the UK and other countries.

Orban is accused of stealing more than $800,000 in Bitcoin and Ethereum from several victims, one of the court documents said. Some of the documents also mention “an innocent accomplice,” and “other accomplices,” suggesting that many suspects have yet to be publicly accused of crimes.

The criminals are said to be part of a wider community of cybercriminals that researchers call “Com,” an elaborate network of mostly young and old people, who are highly skilled in impersonating and using social engineering to trick employees into donating. their corporate passwords.

The National Crime Agency did not respond to a request for comment on Buchanan’s arrest.

Carly Page contributed reporting.