Topics
Latest
AI
Amazon
Image Credits:Lorenzo Franceschi-Bicchierai / TechCrunch
Apps
Biotech & Health
Climate
Image Credits:Lorenzo Franceschi-Bicchierai / TechCrunch
Cloud Computing
Commerce
Crypto
Enterprise
EVs
Fintech
Fundraising
Gadgets
Gaming
Government & Policy
ironware
layoff
Media & Entertainment
Meta
Microsoft
Privacy
Robotics
Security
Social
Space
Startups
TikTok
Transportation
Venture
More from TechCrunch
effect
Startup Battlefield
StrictlyVC
Podcasts
Videos
Partner Content
TechCrunch Brand Studio
Crunchboard
adjoin Us
After duck gaining control for more than two age following a hacking spree that targeted some of the humans ’s giving tech party , U.S. authorities say they have eventually caught at least some of the hackers responsible .
In August 2022,security investigator snuff it publicwith a warning that a grouping of hackers had place over 130 organizations as part of a advanced phishing safari that stole the certificate of almost 10,000 employee . The hacker were specifically place company that usedOkta , a single signaling - on provider used by thousands of companies worldwide to allow their employees access from place .
Because of its focus on Okta , the hacking groupwas dubbed “ 0ktapus . ” To day of the month , the radical hackedCoinbase , DoorDash , Mailchimp , Riot Games , Twilio ( twice ) , anddozens more .
The hackers ’ most notable sizable cyberattack by way of downtime and impact wasthe hack against MGM Resortsin September 2023 , which reportedly be the casino and hotel giant at least $ 100 million . In that case , the cyberpunk worked with the Russian - speak ransomware gang ALPHV and demand a ransom from MGM for the company to get its file cabinet back . The drudge was so turbulent that the casinos have by MGMhad trouble ply servicesfor days .
For the last two years , as law enforcement has been close in on the hacker , multitude in the cybersecurity diligence seek to estimate out exactly how to categorize the hackers and whether to put them in one group or another .
The hackers ’ techniques , such as social engineering , email and text message phishing , and SIM swapping , are common and widespread . Some of the individual hackers were part of several chemical group responsible for for dissimilar data breaches . These lot have made it difficult to sympathise incisively who belongs in what group . Cybersecurity heavyweight CrowdStrikedubbed this umbrella group of hackers “ Scattered Spider , ” and researcher think there is some overlap with 0ktapus .
The chemical group was so active — and successful — that the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ) and the FBIissued an advisory in recent 2023with point on the chemical group ’s activities and techniques , in an attempt to help organizations fix for and defend against anticipated attacks .
Join us at TechCrunch Sessions: AI
Exhibit at TechCrunch Sessions: AI
Scattered Spider is “ a cybercriminal group that targets large companies and their contract IT help desk , ” CISA wrote in its advisory . The agency warned that the group has “ typically engaged in data point theft for extortion , ” and noted their know link to ransomware gangs .
One thing that ’s relatively certain is that the hackers are mostly English - speaking and wide believe to be in their teens and early-20s — and sometimes referred to as “ advanced unyielding adolescent . ”
“ There is a disproportionate number of minors involve , and that ’s because the group measuredly recruits youngster because of the indulgent sound environment these nipper exist in and they know nothing will materialise to them if the law entrance a Thomas Kid , ” Allison Nixon , chief enquiry officer at Unit 221B , told TechCrunchat the fourth dimension .
Over the last two yr , some of the members of 0ktapus and Scattered Spider have been linked with a likewise nebulous group of cybercriminals know as “ the Com . ” mass in this wider cybercrime community have committed crimes that crossed over into the actual world . Some of them have been creditworthy for violent acts , such as looting , burglaries , and brickings — lease hoodlum to throw brick at someone ’s house or apartment ; as well as swat — where someone tricks authorities into believe there ’s a crimson crime happen , trip the armed police social unit to intervene . While born as a prank , swatting is know to havefatal consequences .
After two old age of Scattered Spider ’s hacking , bureau are in the end starting to identify and lodge the radical ’s members .
In July , U.K. police confirmedthe arrest of a 17 - year - old in connection to the hack at MGM .
In November , the U.S. Department of Justice announcedthat it had indicted five hackers : Ahmed Hossam Eldin Elbadawy , 23 , of College Station , Texas ; Noah Michael Urban , 20 , of Palm Coast , Florida , who had been arrested in January ; Evans Onyeaka Osiebo , 20 , of Dallas , Texas ; Joel Martin Evans , 25 , of Jacksonville , North Carolina ; and Tyler Robert Buchanan , 22 , from the United Kingdom , who was arrested in June in Spain .
