{"id":2106,"date":"2025-05-04T23:03:25","date_gmt":"2025-05-04T23:03:25","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=2106"},"modified":"2025-05-04T23:03:25","modified_gmt":"2025-05-04T23:03:25","slug":"alleged-scattered-spider-member-extradited-to-u-s-krebs-on-safety","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=2106","title":{"rendered":"Alleged \u2018Scattered Spider\u2019 Member Extradited to U.S. \u2013 Krebs on Safety"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>A 23-year-old Scottish man considered a member of the prolific <strong>Scattered Spider<\/strong> cybercrime group was extradited final week from Spain to america, the place he&#8217;s going through expenses of wire fraud, conspiracy and identification theft. U.S. prosecutors allege <strong>Tyler Robert Buchanan<\/strong> and co-conspirators hacked into dozens of firms in america and overseas, and that he personally managed greater than $26 million stolen from victims.<\/p>\n<p>Scattered Spider is a loosely affiliated prison hacking group whose members have damaged into and stolen information from a few of the world\u2019s largest know-how firms. Buchanan was arrested in Spain final 12 months on a warrant from the FBI, which wished him in reference to a sequence of SMS-based phishing assaults in the summertime of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and plenty of different tech corporations.<\/p>\n<div id=\"attachment_67783\" style=\"width: 758px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" aria-describedby=\"caption-attachment-67783\" decoding=\"async\" class=\" wp-image-67783\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2024\/06\/tylerb.png\" alt=\"\" width=\"748\" height=\"308\"\/><\/p>\n<p id=\"caption-attachment-67783\" class=\"wp-caption-text\">Tyler Buchanan, being escorted by Spanish police on the airport in Palma de Mallorca in June 2024.<\/p>\n<\/div>\n<p>As <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2024\/06\/alleged-boss-of-scattered-spider-hacking-group-arrested\/\" target=\"_blank\" rel=\"noopener\">first reported<\/a> by KrebsOnSecurity, Buchanan (a.ok.a. \u201ctylerb\u201d) fled the UK in February 2023, after a rival cybercrime gang employed thugs to invade his residence, assault his mom, and threaten to burn him with a blowtorch until he gave up the keys to his cryptocurrency pockets. Buchanan was arrested in June 2024 on the airport in Palma de Mallorca whereas making an attempt to board a flight to Italy. His extradition to america was <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2025-04-24\/scattered-spider-hacking-suspect-extradited-to-us-from-spain\" target=\"_blank\" rel=\"noopener\">first reported<\/a> final week by <strong>Bloomberg<\/strong>.<\/p>\n<p>Members of Scattered Spider have been <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/cyberscoop.com\/youth-hacking-ring-at-the-center-of-cybercrime-spree\/\" target=\"_blank\" rel=\"noopener\">tied<\/a> to the 2023 ransomware assaults towards <strong>MGM<\/strong> and <strong>Caesars<\/strong> casinos in Las Vegas, however it stays unclear whether or not Buchanan was implicated in that incident. The Justice Division\u2019s criticism towards Buchanan makes no point out of the 2023 ransomware assault.<\/p>\n<p>Fairly, the investigation into Buchanan seems to middle on the SMS phishing campaigns from 2022, and on <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/category\/sim-swapping\/\" target=\"_blank\" rel=\"noopener\">SIM-swapping assaults<\/a> that siphoned funds from particular person cryptocurrency buyers. In a SIM-swapping assault, crooks switch the goal\u2019s cellphone quantity to a tool they management and intercept any textual content messages or cellphone calls to the sufferer\u2019s machine \u2014 together with one-time passcodes for authentication and password reset hyperlinks despatched through SMS.<\/p>\n<p>In August 2022, KrebsOnSecurity <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2022\/08\/how-1-time-passcodes-became-a-corporate-liability\/\" target=\"_blank\" rel=\"noopener\">reviewed information harvested in a months-long cybercrime marketing campaign by Scattered Spider<\/a> involving numerous SMS-based phishing assaults towards workers at main firms. The safety agency <strong>Group-IB<\/strong> referred to as them by a unique identify \u2014 <strong>0ktapus<\/strong>, as a result of the group sometimes spoofed the identification supplier <strong>Okta<\/strong> of their phishing messages to workers at focused corporations.<\/p>\n<div id=\"attachment_61078\" style=\"width: 654px\" class=\"wp-caption aligncenter\"><img aria-describedby=\"caption-attachment-61078\" decoding=\"async\" loading=\"lazy\" class=\"wp-image-61078 size-full\" src=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2022\/08\/twiliophish.png\" alt=\"\" width=\"644\" height=\"471\"\/><\/p>\n<p id=\"caption-attachment-61078\" class=\"wp-caption-text\">A Scattered Spider\/0Ktapus SMS phishing lure despatched to Twilio workers in 2022.<\/p>\n<\/div>\n<p>The <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2025\/04\/tylerb-complaint.pdf\" target=\"_blank\" rel=\"noopener\">criticism towards Buchanan<\/a> (PDF) says the FBI tied him to the 2022 SMS phishing assaults after discovering the identical username and e mail tackle was used to register quite a few Okta-themed phishing domains seen within the marketing campaign. The area registrar <strong>NameCheap<\/strong> discovered that lower than a month earlier than the phishing spree, the account that registered these domains logged in from an Web tackle within the U.Ok. FBI investigators mentioned the Scottish police instructed them the tackle was leased to Buchanan from January 26, 2022 to November 7, 2022.<\/p>\n<p>Authorities seized not less than 20 digital units after they raided Buchanan\u2019s residence, and on a type of units they discovered usernames and passwords for workers of three completely different firms focused within the phishing marketing campaign.<\/p>\n<p>\u201cThe FBI\u2019s investigation to this point has gathered proof exhibiting that Buchanan and his co-conspirators focused not less than 45 firms in america and overseas, together with Canada, India, and the UK,\u201d the FBI criticism reads. \u201cConsidered one of Buchanan\u2019s units contained a screenshot of Telegram messages between an account recognized for use by Buchanan and different unidentified co-conspirators discussing dividing up the proceeds of SIM swapping.\u201d<span id=\"more-71147\"\/><\/p>\n<p>U.S. prosecutors allege that data obtained from Discord confirmed the identical U.Ok. Web tackle was used to function a Discord account that specified a cryptocurrency pockets when asking one other person to ship funds. The criticism says the publicly accessible transaction historical past for that cost tackle reveals roughly 391 bitcoin was transferred out and in of this tackle between October 2022 and<br \/>February 2023; 391 bitcoin is presently value greater than $26 million.<\/p>\n<p>In November 2024, federal prosecutors in Los Angeles <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2024\/11\/feds-charge-five-men-in-scattered-spider-roundup\/\" target=\"_blank\" rel=\"noopener\">unsealed prison expenses towards Buchanan<\/a> and 4 different alleged Scattered Spider members, together with <strong>Ahmed Elbadawy<\/strong>, 23, of Faculty Station, Texas; <strong>Joel Evans<\/strong>, 25, of Jacksonville, North Carolina; <strong>Evans Osiebo<\/strong>, 20, of Dallas; and <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2024\/01\/fla-man-charged-in-sim-swapping-spree-is-key-suspect-in-hacker-groups-oktapus-scattered-spider\/\" target=\"_blank\" rel=\"noopener\"><strong>Noah City<\/strong><\/a>, 20, of Palm Coast, Florida. KrebsOnSecurity <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/krebsonsecurity.com\/2024\/09\/the-dark-nexus-between-harm-groups-and-the-com\/\" target=\"_blank\" rel=\"noopener\">reported final 12 months<\/a> that one other suspected Scattered Spider member \u2014 a 17-year-old from the UK \u2014 was arrested as a part of a joint investigation with the FBI into the MGM hack.<\/p>\n<p>Mr. Buchanan\u2019s court-appointed legal professional didn&#8217;t reply to a request for remark. The accused faces expenses of wire fraud conspiracy, conspiracy to acquire info by pc for personal monetary acquire, and aggravated identification theft. Convictions on the latter cost carry a minimal sentence of two years in jail.<\/p>\n<p>Paperwork from the U.S. District Court docket for the Central District of California point out Buchanan is being held with out bail pending trial. A preliminary listening to within the case is slated for Might 6.<\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>A 23-year-old Scottish man considered a member of the prolific Scattered Spider cybercrime group was extradited final week from Spain to america, the place he&#8217;s going through expenses of wire fraud, conspiracy and identification theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of firms in america and overseas, and that he [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":2108,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[2074,2077,262,252,2075,211,2076,2058],"class_list":["post-2106","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-alleged","tag-extradited","tag-krebs","tag-member","tag-scattered","tag-security","tag-spider","tag-u-s"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2106"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2106\/revisions"}],"predecessor-version":[{"id":2107,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/2106\/revisions\/2107"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/2108"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-05-14 23:23:56 UTC -->