Former U.S. Army soldier Cameron John Wagenius has officially pleaded guilty to orchestrating a sophisticated cyberattack campaign against telecommunications companies. According to a Department of Justice announcement on Tuesday, Wagenius engaged in large-scale data theft and extortion, threatening to leak sensitive corporate information.
The Modus Operandi: From Brute Force to Extortion
Operating under the pseudonym “kiberphant0m,” Wagenius conspired to defraud at least 10 victim organizations. The operation utilized brute force attacks and other specialized techniques to harvest login credentials. The group coordinated their illicit activities through Telegram group chats, where they exchanged stolen data and strategized further infiltrations.
The criminal enterprise extended beyond simple data theft. Wagenius and his accomplices leveraged stolen credentials to facilitate secondary crimes, including SIM swapping, and actively attempted to extort victims. These threats were publicized on high-profile hacking forums, most notably BreachForums, where the group also trafficked stolen corporate data.
Previous Breaches and Legal Consequences
This guilty plea follows an earlier admission of guilt by Wagenius regarding specific attacks on major carriers AT&T and Verizon. That particular breach resulted in the unauthorized exfiltration of a massive volume of customer call records.
Connection to Cloud Infrastructure Attacks
Investigative findings have further linked Wagenius to a broader wave of cyberattacks stemming from the initial breach of cloud computing giant Snowflake. This connection highlights the ripple effect of large-scale cloud infrastructure compromises on downstream telecommunications security.
Wagenius is currently awaiting sentencing, which is scheduled for October 6. He faces a maximum statutory penalty of 20 years in federal prison for his role in the hacking and extortion conspiracy.