Five Alleged Members of Hacking Group 0ktapus Charged in Multi-Year Cybercrime Spree
The U.S. Department of Justice (DOJ) has announced charges against five individuals accused of orchestrating a prolonged hacking campaign targeting tech companies and cryptocurrency owners. The group, linked to the infamous hacking collective 0ktapus, allegedly stole millions of dollars and sensitive information in a multi-year operation.
The Accused
The DOJ named five suspects in its press release:
- Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas
- Noah Michael Urban, 20, of Palm Coast, Florida
- Evans Onyeaka Osiebo, 20, of Dallas, Texas
- Joel Martin Evans, 25, of Jacksonville, North Carolina
- Tyler Robert Buchanan, 22, a British national arrested in Spain earlier this year
Alleged Crimes
According to the DOJ, the group employed phishing scams to steal credentials from employees of U.S. companies. Using stolen credentials, they accessed corporate systems to steal intellectual property, personal data, and cryptocurrency. The hackers also leveraged SIM-swapping attacks to take over victims’ phone numbers, exploiting password reset systems to gain further access.
Key allegations include:
- Theft of $6.3 million in cryptocurrency from a single victim.
- Targeting employees at companies in the entertainment, virtual currency, and telecommunications sectors.
- Stealing intellectual property and personal information valued at tens of millions of dollars.
0ktapus and Scattered Spider
The accused are allegedly linked to the hacking group 0ktapus, notorious for spoofing Okta login portals used by major tech firms like Twilio, Coinbase, and DoorDash during a 2022 campaign. The group resurfaced in 2023 to target gaming companies, including Riot Games.
The DOJ confirmed the suspects are also tied to Scattered Spider, a financially motivated cybercrime collective known for attacking large enterprises and their service providers.
Sophisticated Tactics
Court documents describe 0ktapus as a “loosely organized financially motivated cybercriminal group.” Prosecutors allege the group used advanced impersonation and social engineering techniques to deceive employees into revealing their credentials.
Specific roles of the suspects include:
- Evans: Developed phishing software and managed infrastructure for exchanging stolen credentials and cryptocurrency.
- Urban: Accused of stealing more than $800,000 in Bitcoin and Ethereum.
- Elbadawy: Found in possession of stolen credentials during a March 2023 search.
Scope of the Campaign
The FBI’s investigation revealed that the group targeted at least 45 companies across the U.S., Canada, the U.K., and other countries. The hackers were part of a broader network known as “the Com,” a nebulous cybercriminal community of young adults and teenagers skilled in social engineering.
Ongoing Investigation
The DOJ unsealed three court documents related to the case, with one referencing an “unindicted co-conspirator” and additional unidentified suspects. This indicates the investigation is ongoing, and more charges may follow.
Broader Implications
The group’s reliance on phishing and SIM-swapping underscores the growing threat of social engineering in cybersecurity breaches. Targeted companies include those using Okta’s authentication services, whose login portals the hackers spoofed to deceive victims.
Next Steps
The DOJ’s charges highlight the U.S. government’s efforts to crack down on cybercrime networks. Buchanan’s extradition from Spain signals international collaboration in addressing cyber threats.
As investigations continue, authorities aim to dismantle the broader cybercriminal ecosystem behind 0ktapus and its affiliated networks.