A joint law enforcement operation led to the arrest of a key member of the cybercrime group known as Scattered Spider.
Spanish police arrested a 22-year-old British national who is suspected of being a key member of the cybercrime group known as Scattered Spider (also known as UNC3944, 0ktapus). The man was arrested in Palma de Mallorca while attempting to fly to Italy, during the arrest, police confiscated a laptop and a mobile phone. The arrest resulted from a joint operation conducted by the U.S. Federal Bureau of Investigation (FBI) and the Spanish Police.
“A 22-year-old British man has been arrested in Palma de Mallorca in a joint effort by Spanish police and the FBI on suspicion of being the ringleader of a hacking group which targeted 45 companies and people in the United States.” reported the Murcia Today. “He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds.”
The cybercrime group Scattered Spider is suspected of hacking into hundreds of organizations over the past two years, including Twilio, LastPass, DoorDash, and Mailchimp.
While Murcia Today did not provide info about the arrested man, vx-underground states that the individual was involved in “several other high-profile ransomware attacks performed by Scattered Spider.”
vx-underground also added that the man arrested is a SIM-swapper known by the alias “Tyler.”
According to the Spanish police, the man once controlled Bitcoins worth $27 million. According to the malware research team, a judge in Los Angeles, California, has issued a warrant for the arrest of the British citizen. Spanish police tracked the suspect to Mallorca after he entered Spain via Barcelona in late May. The investigation is still ongoing. The police have yet to disclose the suspect’s identity.
The popular journalist Briand Krebs reported that sources familiar with the investigation told KrebsOnSecurity the man is a 22-year-old from Dundee, Scotland named Tyler Buchanan.
“Sources familiar with the investigation told KrebsOnSecurity the accused is a 22-year-old from Dundee, Scotland named Tyler Buchanan, also allegedly known as “tylerb” on Telegram chat channels centered around SIM-swapping.” states KrebsOnSecurity.
In January 2024, U.S. authorities arrested Noah Michael Urban, a 19-year-old from Palm Coast, Florida, suspected of being a member of the Scattered Spider cybercriminal group. He is accused of stealing at least $800,000 from five victims between August 2022 and March 2023. Urban, known online as “Sosa” and “King Bob,” is linked to the same group that hacked Twilio and other companies in 2022.
Scattered Spider members are part of a broader cybercriminal community called “The Com,” where hackers brag about high-profile cyber thefts, typically initiated through social engineering tactics like phone, email, or SMS scams to gain access to corporate networks.
“One of the more popular SIM-swapping channels on Telegram maintains a frequently updated leaderboard of the most accomplished SIM-swappers, indexed by their supposed conquests in stealing cryptocurrency. That leaderboard currently lists Sosa as #24 (out of 100), and Tylerb at #65.” continues Krebs.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Scattered Spider)