UPDATED 18:39 EDT / JUNE 16 2024

SECURITY

Suspected key member of Scattered Spider cybercrime group arrested in Spain

A 22-year-old U.K. man believed to be a key member of the Scattered Spider cybercrime group was arrested by police in Spain during the week as part of an ongoing investigation by the U.S. Federal Bureau of Investigation.

The arrest was first reported Friday by Murcia Today, which said that the man was arrested on suspicion of “being the ringleader of a hacking group which targeted 45 companies and people in the U.S.” The man stands accused of hacking into corporate accounts and stealing information that allowed his group to access millions in funds, including $27 million in bitcoin.

Murcia Today did not name the man, noting only that he was wanted on an arrest warrant issued by a judge in Los Angeles. The story then gets more interesting: Krebs on Security reported Saturday that the man arrested is named Tyler Buchanan and that he’s allegedly the ringleader of Scattered Spider.

In another report, vx-underground claims that “Tyler” is a SIM swapper and was involved with Scattered Spider. Most notably, it’s claimed that he was involved in the Scattered Spider attack on MGM Resorts International Inc. and other high-profile ransomware attacks undertaken by the group.

Scattered Spider, also known as “Octo Tempest” and UNC3944, first became active in early 2022, using extensive social engineering methods to target organizations worldwide and aiming for financial extortion. The group first targeted mobile telecommunications and business process outsourcing organizations, mainly for phone number-porting SIM swaps. By late 2022 and into early 2023, the group began to extort organizations using data stolen from them, sometimes even using physical threats as leverage.

By mid-2023, Scattered Spider/Octo Tempest reportedly joined forces with the better-known ALPHV/BlackCat ransomware-as-a-service operation and began extorting victims using the ALPHV Collections leak site without deploying ransomware. The relationship later included the group deploying ALPHV/BlackCat ransomware, primarily targeting VMware ESXi servers.

Scattered Spider targets technical administrators using social engineering. The group impersonates victims, often mimicking their speech patterns or pretending to be newly hired employees.

Its main methods for initial access include social engineering calls, purchasing employee credentials on the black market, SMS phishing and initiating SIM swaps, or setting up call forwarding on an employee’s phone. In some cases, it uses intimidation by sending threats to specific individuals.

Image: Policia Nacional/X
