The 22-year-old English man arrested by police in Spain last week is connected to an underground criminal group known as “the Com” and allegedly took part in harvesting almost 10,000 login credentials associated with more than 130 organizations as part of a high-profile 2022 phishing campaign, a specialist familiar with the matter told CyberScoop on Monday.
On Friday, Spanish police announced in a statement the arrest of an unidentified British national “responsible for the computer attack on 45 companies in the United States.”
The man was arrested at an airport in Palma — a resort city on the Spanish island of Mallorca — as he attempted to board a charter flight to Naples, police said.
“The man was the leader of an organized group dedicated to the theft of information from companies and cryptocurrencies and gained control of 391 bitcoins worth more than $27 million,” Spanish authorities said.
The person arrested went by the name “Tyler” and was a known sim-swapper “allegedly involved with the infamous Scattered Spider group” and “believed to be a key component of the MGM ransomware attack,” VX-Underground, an online malware research group and repository, said in a post Saturday on the social media platform X, referring to the September 2023 attack on MGM Resorts.
The FBI declined to comment Monday and referred inquiries to the Department of Justice. Neither the National Crime Agency in London nor the British Department General in Madrid answered inquiries concerning the arrest. A person who answered the phone in the press office of the National Police Corps in Spain referred inquiries regarding the matter to colleagues in Palma, who could not be reached for comment.
Speaking on condition of anonymity because of the threats facing researchers and others focused on the criminal ecosystem known as the Com, the specialist familiar with the matter cautioned that it’s not clear whether Buchanan was part of the group that attacked MGM.
The researchers said that Buchanan was allegedly part of the group that carried out a phishing campaign dubbed “0ktapus” by cybersecurity firm Group-IB, a massive 2022 operation in which nearly 10,000 username/password credentials associated with more than 130 companies were harvested.
The two prominent targets of that campaign were Twilio, a cloud communications and marketing company, and Cloudflare, a content delivery network provider.
The researcher told CyberScoop that in January federal authorities arrested 19-year-old Noah Michael Urban in Florida for his alleged role in stealing at least $800,000 from at least five different victims as part of a cybercriminal operation in 2022 and 2023. Urban, who went by “Sosa,” “Elijah,” “King Bob,” and “Anthony Ramirez” online, was part of the group, along with Buchanan, that carried out the 0ktapus campaign.
The term “Scattered Spider,” used to refer to a group of aggressive criminal hackers, was coined by the cybersecurity firm CrowdStrike, but that group is more of an ecosystem made up of primarily young and brash personas, some of whom participate in various financially motivated cybercrimes or other criminal activity. People within the community refer to it as the Com, and subgroups within it engage in various criminal conspiracies that include extortion, violence as a service and sim-swapping.
Roughly 1,000 people compose the threat broadly defined as Scattered Spider, a senior FBI official told a cybersecurity conference, although it’s not clear how the bureau made that determination. The cybercriminals in that ecosystem present a top-three cybersecurity threat, alongside the foreign intelligence agencies of China and Russia, said Bryan Vorndran, assistant director of the FBI’s cyber division.