Phishing Scheme That Generated $11M Taken Down
US law enforcement has charged five people who are accused of targeting employees of US companies with phishing text messages. The accused allegedly used the stolen employee credentials to log in and steal confidential company data, along with other information that enabled them to hack into cryptocurrency accounts and steal millions of dollars.
Court documents say the five are accused of stealing $11 million worth of cryptocurrency from at least 29 victims in addition to taking significant amounts of illegally-obtained corporate documents.
The charges relate to a crime group known as Scattered Spider, thought to be behind a massive breach of the US casino operator MGM in 2023 that cost the casino and resort company $100 million. MGM shut down large parts of its internal networks after discovering the breach, causing slot machines and keycards for thousands of hotel rooms to stop working and slowing electronic transfers.
“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said United States Attorney Martin Estrada.
“As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses. If something about the text or email you received or website you’re viewing seems off, it probably is,” Estrada said.
According to court documents, the defendants conducted phishing attacks by sending mass short message service (SMS) text messages to mobile phones of numerous victim companies’ employees between September 2021 and April 2023. The messages purported to be from the victim company or a contracted information technology or business services supplier of the victim company.
The phishing text messages often stated that the employees’ accounts were about to be deactivated and provided links to phishing websites which were designed to look like legitimate websites of the victim companies or their contracted suppliers and lure the recipient into providing confidential information, including account login credentials. Some employees went to the phishing websites, entered their credentials, and sometimes authenticated their identities using a two-factor authentication request sent to their mobile phones.
The defendants then used the stolen credentials to gain unauthorised access to the accounts of victim companies’ employees and to the companies’ computer systems, from which they stole confidential information. The theft included confidential work product, intellectual property, and personal identifying information, such as account access credentials, names, email addresses, and telephone numbers.
The group also used stolen information obtained from victim company intrusions, leaked data sets, and other sources to gain unauthorised access to numerous individuals’ cryptocurrency accounts and wallets and steal millions of dollars’ worth of virtual currency.
The defendants face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, plus up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft.
US Justice Dept. | Record | Ars Technica | BankInfoSecurity | CyberExpress | CybersecurityNews