Five Charged in Sophisticated Phishing Scheme Linked to 'Scattered Spider' Cybercrime Group

The group allegedly stole millions in cryptocurrency and sensitive data using targeted phishing attacks on employees of major companies.

U.S. prosecutors have charged five individuals, aged 20 to 25, for their alleged roles in the 'Scattered Spider' cybercrime group, which targeted employees of tech, gaming, and cryptocurrency companies.
The group allegedly conducted phishing attacks from September 2021 to April 2023, sending fraudulent text messages to employees to steal login credentials and two-factor authentication codes.
Using the stolen credentials, the hackers reportedly accessed corporate systems to exfiltrate sensitive data and steal millions of dollars from cryptocurrency wallets.
Notable incidents tied to 'Scattered Spider' include the 2023 ransomware attacks on MGM Resorts and Caesars Entertainment, resulting in significant operational disruptions and a $15 million ransom payment by Caesars.
The accused face charges including conspiracy to commit wire fraud, aggravated identity theft, and wire fraud, carrying potential sentences of up to 20 years in prison per charge.