Five alleged members of the Scattered Spider hacking group have been charged in connection with a sophisticated phishing scheme that led to millions of dollars in stolen cryptocurrency and sensitive company data.

Among the defendants, four are American men aged 20 to 25, with Joel Martin Evans making his court appearance following an FBI arrest on November 19, 2024.

The group is suspected of collaborating with BlackCat, functioning as affiliates who infiltrate networks to deploy malware.

The phishing attacks executed by Scattered Spider were highly sophisticated and difficult to detect, even against advanced security measures.

Investigations traced many phishing domains back to Tyler Buchanan, who was arrested in Spain while attempting to flee to Italy, with evidence found at his home indicating his involvement.

Victims were deceived into providing confidential information, including login credentials, often after receiving fraudulent two-factor authentication requests on their mobile devices.

Scattered Spider has been linked to the deployment of BlackCat ransomware and the 0ktapus campaign, which affected over 130 organizations.

The group has been implicated in high-profile cyberattacks, including a ransomware attack on MGM Resorts in September 2023, which disrupted multiple casinos.

Scattered Spider primarily targets large companies and their suppliers in the telecommunications, IT, and BPO sectors, according to the indictment.

FBI Assistant Director Akil Davis emphasized the widespread nature of such fraudulent schemes and their devastating impact on victims, highlighting the growing threat of phishing as decentralized assets gain popularity.

An estimated 10,000 individuals may have had their credentials stolen by Scattered Spider, which has reportedly stolen over $11 million from approximately 30 victims.

While it remains unclear whether the five accused were involved in the casino hacks, court documents suggest the existence of additional co-conspirators who have not yet been publicly charged.