The US Ministry of Justice has recently made accusations against five alleged participants in the Scatted Spider group, who are accused of running a scheme that targeted victim companies through phishing texts. This criminal activity took place between September 2021 and April 2023, during which millions of dollars in cryptocurrencies were stolen using stolen accounting data. The group targeted both individuals and companies in their attacks.
Scatted Spider is known for its expertise in social engineering attacks, posing as technical support specialists to carry out phishing and smishing (SMS phishing) attacks on employees of target organizations. The group utilized various methods to steal confidential information.
According to the investigation, the accused individuals organized a series of attacks by sending phishing SMS messages to employees of different companies. These messages falsely claimed issues such as account or VPN network blocks, and included links to fake websites that mimicked the companies’ portals. Employees unknowingly entered sensitive data, including accounting records and two-factor authentication codes, on these fraudulent sites.
The stolen accounting data was then used to extract confidential information like databases, intellectual property, and personal data. The group also employed the SIM swapping method to hijack email accounts, enabling them to control phone numbers and cryptocurrencies and transfer funds to their own accounts.
The accused individuals, four US citizens and one citizen of Great Britain aged between 20 and 25, each face potential prison sentences of up to 20 years for wire fraud, 5 years for conspiracy, and an additional mandatory 2-year term for personal data theft.
Scatted Spider, also known as 0ktapus, Scatter Swine, and Octo Tempest, is a group of English-speaking hackers with varying levels of expertise. The group’s flexible organizational structure makes it challenging to trace their activities and attribute attacks to specific individuals. Their high-profile attack on MGM Resorts and Caesars Entertainment last year, causing disruptions in Las Vegas casinos and hotels, elevated their reputation in the cyber criminal community.
In a significant development, a 22-year-old British citizen believed to be a member of Scatted Spider was arrested in Spain in June while attempting to board a flight to Italy. Additionally, in July, a 17-year-old teenager associated with the group was apprehended by law enforcement.
Earlier statements from the FBI suggested that Scatted Spider is composed mainly of young individuals, possibly even teenagers. The use of aggressive tactics by the attackers may stem from their youthful ages and a sense of bravado. The investigation into the group’s criminal activities continues.