The U.S. Department of Justice has officially charged five individuals for their roles in a multi-year cybercrime campaign that compromised major technology firms and cryptocurrency holders. The group, widely identified by security researchers as the “0ktapus” collective or “Scattered Spider,” allegedly orchestrated sophisticated phishing and SIM-swapping attacks to siphon millions in digital assets and proprietary data.
Key Defendants and Charges
On Wednesday, federal authorities unsealed indictments against the following five defendants:
- Ahmed Hossam Eldin Elbadawy (23, Texas)
- Noah Michael Urban (20, Florida)
- Evans Onyeaka Osiebo (20, Texas)
- Joel Martin Evans (25, North Carolina)
- Tyler Robert Buchanan (22, UK; arrested in Spain)
The Modus Operandi: Phishing and SIM Swapping
The criminal enterprise relied on high-precision social engineering. The defendants allegedly sent targeted phishing text messages to employees of prominent American companies. By spoofing login portals—specifically mimicking authentication provider Okta—the group successfully harvested credentials to infiltrate corporate networks.
Beyond simple phishing, the hackers utilized SIM-swapping to hijack phone numbers, allowing them to bypass multi-factor authentication by triggering password resets. These methods facilitated the theft of intellectual property and tens of millions of dollars in cryptocurrency. One specific victim reportedly lost $6.3 million in crypto assets alone.
Scope of the ‘Scattered Spider’ Operation
The DOJ confirmed that the defendants are members of the notorious “Scattered Spider” group. Court documents detail a wide-reaching operation that targeted at least 45 companies across the U.S., Canada, and the U.K. Their primary victims included major players in cloud communications, telecommunications, virtual currency, and entertainment.
The unsealed court filings highlight the technical roles within the organization:
- Joel Martin Evans: Accused of developing phishing software and managing Telegram channels for trading stolen credentials.
- Noah Michael Urban: Allegedly responsible for the theft of over $800,000 in Bitcoin and Ethereum.
- Infrastructure: Investigators recovered stolen credentials at Elbadawy’s residence during a 2023 search.
A New Generation of Cybercriminals
The group is reportedly part of a broader, nebulous underground community known as “the Com.” Comprised largely of young adults and teenagers, this network specializes in advanced social engineering and impersonation. Prosecutors noted that the current indictments likely represent only a portion of the criminal ring, as court documents explicitly mention “other co-conspirators” who remain under investigation.
U.S. Attorney Martin Estrada emphasized the severity of the case, stating that the group perpetrated a scheme to steal proprietary information worth tens of millions and compromised the personal data of hundreds of thousands of individuals.