The rise and fall of the ‘Scattered Spider’ hacker

After eluding capture for more than two years following a massive hack targeting the world’s largest technology company, U.S. authorities say they have finally arrested at least some of the hackers responsible.

In August 2022, security researchers released an alert stating that a group of hackers had targeted more than 130 organizations as part of a sophisticated phishing campaign that stole the credentials of nearly 10,000 employees. Hackers specifically targeted companies that use Okta, a single sign-on (SSO) provider used by thousands of companies around the world to allow employees to log in from home.

Because of its focus on Okta, this hacking group was dubbed “0ktapus.” To date, the group has hacked dozens of companies, including Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, and Twilio (twice).

The most notable large-scale cyberattack by the hackers in terms of downtime and impact was the September 2023 hack of MGM Resorts, which reportedly caused at least $100 million in losses to the casino and hotel giant. In this case, the hackers worked with the Russian-speaking ransomware group ALPHV to demand a ransom from MGM to get their files back. The hack was so devastating that the MGM-owned casino had trouble providing service for several days.

As law enforcement has closed in on the hackers over the past two years, people in the cybersecurity industry have been trying to figure out how exactly to classify the hackers and whether to categorize them into specific groups.

The hackers’ techniques, including social engineering, email and text message phishing, and SIM swapping, are common and widespread. Some of the individual hackers were part of multiple groups responsible for various data breaches. This situation makes it difficult to understand exactly who belongs to which group. Cybersecurity giant CrowdStrike has dubbed this group of hackers “Scattered Spider,” and researchers believe there is some overlap with 0ktapus.

The group is so active and successful that US cybersecurity agencies CISA and the FBI issued an advisory in late 2023 with details about the group’s activities and techniques to help organizations prepare for and defend against expected attacks.

Scattered Spider is “a cybercriminal group that targets large corporations and their contracted IT help desks,” CISA wrote in the advisory. The agency warned that the group “has typically been stealing data for extortion purposes” and cited known links to ransomware gangs.

One thing that is relatively certain is that the hackers are mostly English-speaking and widely known to be teenagers or in their early twenties, sometimes referred to as “advanced persistent teenagers.”

“The number of minors involved is so high that the lenient legal environment in which those minors exist allows groups to knowingly recruit minors and know that if police catch them, nothing will happen,” Allison Nixon, chief research officer at Unit 221B, told TechCrunch at the time.

Over the past two years, some members of 0ktapus and Scattered Spider have been linked to a similarly obscure group of cybercriminals known as “Com.” People in this extensive cybercrime community commit crimes that have crossed over into the real world. Some of them are responsible for acts of violence such as robbery, theft and bricking, which means hiring thugs to throw bricks at someone’s house or apartment. In some cases they engage in swatting, in which someone tricks authorities into believing a violent crime is taking place, leading to armed police intervention. Although swatting was created as a joke, it is known to have fatal consequences.

After two years of hacking, authorities have finally begun to identify and prosecute Scattered Spider members.

In July, British police confirmed they had arrested a 17-year-old in connection with the MGM hacking incident.

Last November, the U.S. Department of Justice announced the indictment of five hackers: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida, who was arrested in January; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and British national Tyler Robert Buchanan, 22, who was arrested in Spain last June.