Cyber Crime Junkies

Most Wanted Dark Web Hackers. Truth about Scattered Spider.

Cyber Crime Junkies. Host David Mauro. Season 6 Episode 52

🚨 New episode 🚨 David Mauro exposes The COM, Scattered Spider and BLACK CAT ransomware gang. Covering topics: most wanted dark web hackers, to catch a thief, truth about scattered spider, most wanted young hackers, Cyber Crime Gangs Under Cover, Exposed Secrets Of Cyber Crime Gangs, Profiling The People Who Cause Ransomware Attacks, how do hackers not get caught, hackers, undercover hackers, and When Hackers Get Caught.

Chapters

  • 00:00 Profiling The People Who Cause Ransomware Attacks
  • 03:00 Inside the Comm: A Cybercrime Collective
  • 05:51 Most Wanted Dark Web Hackers
  • 09:11 The Fall of Scattered Spider's Kingpin
  • 12:09 Truth About Scattered Spider
  • 17:58 Exposed Secrets Of Cyber Crime Gangs
  • 25:14 The MGM and Caesars Attacks: A Case Study
  • 32:02 Cyber Crime Gangs Under Cover





Topics Covered: Most Wanted Dark Web Hackers, to catch a thief, Truth About Scattered Spider, most wanted young hackers, Cyber Crime Gangs Under Cover, Exposed Secrets Of Cyber Crime Gangs, Profiling The People Who Cause Ransomware Attacks, how do hackers not get caught, hackers, undercover hackers, When Hackers Get Caught, scattered spider, best hackers in the world, crypto crimes, who is the com online hackers, hackers getting caught, what is a swatting call, who are the com online hackers, sim swaps explained, Who Are Hackers And What Do They Do, cyber crime gangs get taken down like the mafia was, cyber crime gangs under cover, exposed secrets of cyber crime gangs, how cyber criminals are like mafia, how to defend from online violence, inside a cyber crime gang, most common hacking tactics, and how casinos got breached.

 



Exposed Secrets Of Cyber Crime Gangs



Host (00:00.066)
Have you ever wondered how a group of young hackers could infiltrate some of the world's largest corporations? What if these cyber prodigies were part of a secretive online network orchestrating attacks from behind their screens? And despite numerous arrests, could they still be operating in the shadows, hiding in plain sight? In the dark corners of the internet, a notorious cyber collective known as the Comm

has emerged as a hub for new young hackers. This digital underground attracts individuals from all walks of life, gamers, tech enthusiasts, and aspiring hackers alike, who come together to share knowledge, tools, and techniques. What often starts as innocent curiosity blurs into something much more dangerous, as members push the boundaries between ethical exploration and outright cybercrime.

This is the story of the young and criminal. Meet the Comm, masters of social engineering. And now, the show.

Host (01:23.31)
Come join us as we go behind the scenes of today's most notorious cybercrime, translating cybersecurity into everyday language that's practical and easy to understand. We appreciate you making this an award-winning podcast by downloading our episodes on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies, and now the show.

Host (02:03.118)
threat actors get their origin. Where do they learn their expertise? The community, also commonly known as the Comm, is an online presence filled with individuals from diverse backgrounds including gamers, hackers, and recreational users. More than hundreds of individuals take part in various activities, from innocent meme sharing to more sinister activities involving felonies,

international cybercrime and even physical violence. What motivates the Comm? While the interest of the Comm rotates among members, its focus regarding cybercrime seems to be a universal one for all engaging. SIM swaps, which is a cyber attack completed by tricking a mobile phone provider into switching activation of somebody's cell phone to a new SIM card, where they can take command and control

over someone else's phone. That's been proven to be one major connection, a thread that is woven into various members of the Comm. Threat actors associated with this online presence have been seen utilizing this form of identity theft not only to gain access to victims' cryptocurrency accounts, but to conduct more sophisticated attacks involving social engineering

to deliver such massive widespread chaos as ransomware through their victims' mobile phones. Outside of the financial endeavors, the Comm has been flagged by the FBI for having an interest in the nationwide epidemic of swatting calls. There have been calls to schools, to individual private homes, people they get mad at while they're gaming. A swatting call refers to hoax phone calls sent to

schools and universities or individuals' homes, causing the SWAT team to be deployed, similar to a false bomb or shooting threat. No matter what the focus is though, the Comm continues evolving, whether that be in physical violence or cyber crime, hosting some of the largest ransomware attacks ever seen. One of the things that makes the Comm so good is they are fluent in the ways of Western civilization. They know

Host (04:25.613)
how we in the United States and in Europe and in Australia and North America operate. They understand how we operate, they understand how we speak, they understand the cultural norms, they understand the different regional dialects, and they use it to their advantage when conducting the most powerful tactic of all hacks, social engineering. The Comm has really been a launch pad for cyber crime.

It served as a launch pad for at least 14 different major cyber criminal groups, including Lapsus$, Star Fraud, which is also known as Scattered Spider, which we're gonna get into in just a second, the RA Group, and Chuckling Squad. Each of these groups has built a reputation for wreaking havoc through various cyber schemes. Lapsus$, right now a South American based extortion group,

gained notoriety for stealing corporate data and failing to delete it despite promising their victims that they would. Who knew that cyber criminals wouldn't keep their word? Their members communicate openly on Telegram, which is not even part of the dark web. Any of us can access it. And they openly communicate on there and it is available for all to see. And by doing that, they continually taunt law enforcement

with a lot of bold attacks. The other group is the RA Group. The RA Group originally derived from Babuk ransomware, specializing in targeting manufacturing and healthcare industries. Operating under the radar, they have rapidly expanded their attacks beyond the US and South Korea to now include Germany, India, and even Taiwan. Another group is the Chuckling Squad. Great name, right? They first gained notoriety back in 2019

for hacking high profile Twitter, now X, accounts, including that of the former CEO, Jack Dorsey. Their attacks, while less financially motivated, have nonetheless caused significant disruption. Several members were arrested in 2021, but their chaotic legacy remains. In terms of the early history of the Comm and its offshoot, Scattered Spider, they all trace back to the early 2020s. Emerging from

Host (06:50.825)
online communities, gaming communities, where young tech enthusiasts would congregate. These platforms served as a breeding ground for individuals keen on exploring cybersecurity, some of whom veered into illicit activities. One of the most infamous factions to emerge from the Comm is Scattered Spider. They've been in the major media news, they've been on 60 Minutes, they've been discussed

across various mediums. They're also referred to in the cybersecurity community as UNC3944. The group is comprised mostly of teenagers and young adults from the United States and the United Kingdom. The group has made headlines for audacious cyber attacks and flaunting law enforcement. Their tactics are very effective

and highly sophisticated, relying on social engineering methods like SIM swapping, phishing scams, and multi-factor authentication fatigue. By exploiting multi-factor fatigue, they've been able to infiltrate major corporations. No industry is off limits. They've attacked every single vertical. Their targets range from telecom companies to critical infrastructure.

It was established that Scattered Spider got their start right around May of 2022. Initially the group was concentrated on infiltrating telecom firms, employing tactics like SIM swapping, phishing via SMS, meaning just a regular text, and using Telegram. And they were exploiting certain vulnerabilities like the CVE 2015 through, which was a security flaw in the Windows anti-DOS

software, meaning the software that would stop websites from being taken down by being flooded with too many requests. Their deep understanding of cloud platforms, particularly Microsoft Azure, Google Workspace, and Amazon's cloud AWS, facilitated their reconnaissance and their exploitation efforts. The deadly combo really came for Scattered Spider when they teamed up with

Host (09:11.917)
Russian ransomware gangs. So when you think about it, Russian ransomware gangs are very powerful, very well funded, very well organized. But the one thing they lack is local familiarity with our customs. Enter the Comm. One of the most notorious ransomware groups in history, Black Cat, also known as ALPHV, teamed up in early 2023 with members of the Comm and Scattered Spider. It's unclear whether

the group started with the Comm or if they emerged in a different light. But what is known is that they were affiliated and successful during their era together. BLACK CAT has since disappeared. We'll explain that in just a second. Further analysis of the attacks, such as the data breach of MGM, which fell victim to them in 2023 when BLACK CAT and Scattered Spider combined their forces to breach $100 million in customer private

information, PII data, is evidence of their success. Now there have been some cracks in the foundation since Scattered Spider's initial emergence and teaming up with the Russian ransomware gangs. So some of the arrest developments that have happened are the following. There's the fall of their kingpin. And let's talk a little bit about how Tyler Buchanan's empire kind of crumbled.

Behind the mask of the Comm, behind layers of encrypted chats and stolen credentials, a young mastermind was building his digital empire. His name was Tyler Buchanan, a 22-year-old from Dundee, Scotland. Buchanan wasn't just another hacker though. He was allegedly the leader of Scattered Spider. For years, he operated under the alias Tyler B, orchestrating SIM swapping,

phishing attacks and multi-million dollar cryptocurrency exchange thefts. See what would happen is once they get control over the victim's phone, they can have full access to what is on that phone, including the private keys for crypto. And they would take that cryptocurrency. That was one of their claims to fame. It's why they all brag about being able to make so much money. His crew

Host (11:39.917)
Tyler B's crew had infiltrated companies like Twilio, LastPass, the password manager, they breached DoorDash, and even MailChimp, exploiting human error through social engineering to access corporate systems and pilfer sensitive data. The authorities had been watching, but Buchanan remained elusive until one fateful day in June 2024. Palma de Mallorca

Airport, Spain. The Mediterranean sun cast long shadows as Buchanan made his way toward the departure gate. He was planning to leave for Italy, slipping away once again just as he had before. But this time they were waiting. As he moved through the terminal, Spanish authorities, working alongside the US Federal Bureau of Investigation, the FBI, closed in. And what did he have in his possession as they put handcuffs on him?

A digital fortune. He was holding on him the digital access to 391 Bitcoin, which at the time was worth $27 million. It's a lot of stolen money for a 22-year-old. His empire had been built on deception, but there was no escaping the truth at this point. So the charges became a life on the line. Buchanan was not just another hacker, you see.

He was the alleged mastermind behind the cybercrime syndicate that had attacked 45 different US companies in a relentless wave of digital break-ins. His arrest was the result of an international manhunt that started back in May 2023. The FBI had issued a global arrest warrant and now the net had finally closed. Once extradited to the United States, Buchanan will face

a nightmare of charges. Conspiracy to commit wire fraud, wire fraud, aggravated identity theft and more. The maximum sentence that he faces right now? Up to 47 years in prison. Their weapon of choice wasn't brute force hacking. It's not kids in hoodies cracking code. It's social engineering, and they're very, very good at it. Manipulating people into giving up secrets

Host (14:04.897)
that no firewall and no security platform can protect. They tricked employees into handing over credentials, bypassed security measures meant to keep them out, and vanished with millions in stolen assets. For years, they had outrun the law, but with Buchanan's arrest, the group had taken a devastating hit. The aftermath, is it the end or is it really just the beginning? With Buchanan, the leader of Scattered Spider, arrested,

is that the end of Scattered Spider? Or would another hacker rise to take Buchanan's place? Cybercrime doesn't die with a single arrest, but for now, one of its most infamous players was in handcuffs. His fortune was frozen and his empire collapsed. As he sat in a Spanish jail cell awaiting extradition to the United States, one thing was certain, the game had finally caught up with him. There's another character

that was a member of Scattered Spider and the Comm that has recently been taken down. It's a story of the cyber heist with a trail of millions stolen. Back between August 2022 and March 2023, Urban is accused of orchestrating a daring scheme that left at least five victims reeling from devastating personal financial losses. His method was SIM swapping,

that technique straight out of that cyber thriller that we've read. It works like this. Urban hijacks the victim's phone numbers, rerouting the calls and messages to his own device. With access to their texts, he bypasses security checks like multi-factor authentication and gains access to private accounts. He takes control over their email and their financial accounts. From there, with just a few clicks, millions

have vanished into the void and into his private wallets. On November 2nd, 2022, Urban allegedly drained 182 Ethereum coins worth a staggering $294,000 at the time, just from one single victim's crypto wallet. Weeks later, he pocketed 1.28 Bitcoin, which was worth around $21,000, but he wasn't done.

Host (16:30.957)
By February 2023, he had pulled off one of his biggest heists yet, a transfer of $374,000 in stolen funds. He began to live large. The world was at his fingertips, buying expensive trips, jewelry, cars, you name it, all until January 2024, which was the arrest, when a teen cybercriminal's world came crashing down.

Federal agents had been watching, the noose had been tightening, and in January 2024, the trap was finally sprung. Urban was arrested in Florida, his online empire collapsing in an instant. The charges, one count of conspiracy to commit wire fraud, eight counts of wire fraud, and five counts of aggravated identity theft. If convicted, he faces a nightmare sentence. Up to 20 years in prison for

each of the wire fraud charges, and a mandatory minimum of two years for identity theft, served consecutively. Those numbers add up fast, decades behind bars. The bigger picture is the Scattered Spider connection. Urban wasn't just another hacker. His crimes were part of something bigger. Investigators linked him to Scattered Spider, spun off from the Comm. The group, by that time,

had already hit giants like Twilio, LastPass, and MailChimp. Urban, authorities believe, was one of their rising stars. But for now, he is behind bars, swept up in the growing crackdown on cyber criminal networks. In the aftermath, it leads to a warning to the next generation of hackers. Urban's case is now in the hands of the US Attorney's Office for the Middle District of Florida, and the FBI...

and the Justice Department's elite cybercrime unit. One thing is clear, the golden age of SIM swapping is beginning to crumble. Urban thought that he had the perfect crime. He thought he was untouchable, but in the end, the very digital world he manipulated was the one that brought him down. And now he waits for the trial, for the verdict, for a future that once seemed limitless, but now looks like a prison cell. The next takedown

Host (18:53.225)
of one of the Scattered Spider members and one of the spin-offs from the Comm. Here's the rise and fall of this teenage criminal, Remington Ogletree. For years, Remington Ogletree was just another name floating in the depths of the cyber crime underworld. A young hacker with a taste for deception. He had been playing the game since he was 12 years old, learning the tricks of SIM swapping,

social engineering before most kids his age even had a bank account. But in November 2024, his luck ran out. At just 19 years old, Ogletree was arrested, the sixth alleged member of Scattered Spider to face federal charges in recent months. His high-stakes digital heist had racked up more than $4 million in damages,

targeting telecom giants, financial institutions, and cryptocurrency firms. And in the end, it was his own arrogance that sealed his fate. Between October 2023 and May 2024, see, Ogletree allegedly carried out a series of cyber intrusions, each more daring than the last. His weapon of choice was manipulation, social engineering.

In October 2023, an unsuspecting employee at a US-based telecom company received a call from IT support. The voice on the other end was calm, confident, insistent, pushing them to click a link in a text message. Seconds later, they entered their login credentials. That was all Ogletree needed. The result, stolen customer API keys,

which he allegedly used to access accounts and fire off 8.5 million phishing texts aimed at stealing cryptocurrency. That same month, Ogletree targeted 149 employees at a major financial institution with phishing messages, directing them to a fake company login page. 12 accounts fell victim. And then there was

Host (21:11.391)
a European telecom provider. Posing as an employee, Ogletree bluffed his way deeper into the company's networks, stealing confidential data. Months later, that network was used to launch a wave of cyber attacks, 140,000 phishing texts in a single blast. The scale of his operation was staggering. Millions were stolen. Millions more remained at risk.

And all the while, Ogletree bragged. He bragged publicly. He bragged recklessly. If you know anything about organized crime and

the way and mannerisms that make an organized crime leader a target, it is that arrogance and that flagrant communication and messaging, because nothing will make law enforcement track you down like that. In February 2024, that's exactly what they did. FBI agents knocked on Ogletree's door in Fort Worth, Texas.

Was it an arrest? Just a conversation. Maybe he thought he was untouchable. Maybe he thought they didn't have enough. Because he talked. He admitted he knew key members of Scattered Spider, the group infamous for cyber attacks like MGM Resorts, Caesars, Coinbase and more. He even explained the group's strategy. He said, quote, "We target outsourcing companies

because they have less security." Then, just days later, he made a fatal mistake. Knowing the authorities were onto him, Ogletree turned to a money laundering service, requesting $75,000 in cash in exchange for stolen cryptocurrency.

Host (23:18.061)
But what he didn't know? That service was run by the FBI. They watched, they waited, and when the time was right, they closed in. The brag that brought him down. Investigators traced a Telegram account back to Ogletree. And there, back in October 2023, there's a message that destroyed him. He bragged, "I made 300K in the past 24 hours."

See, he wasn't just stealing, he was boasting. Yet another quote: "Hack an internet service provider, get lots of customer emails, send them to a phishing site. You can make $10 million a year easy if you're dedicated," unquote. This wasn't just a teenager experimenting with hacking. This is a criminal blueprint. Now, Remington Ogletree

faces serious consequences. He is arrested and charged with wire fraud and aggravated identity theft, and potentially faces decades in prison. Unlike some of his co-conspirators, he wasn't immediately locked away. Instead, he was released on $50,000 bail. Why? I don't know. But his trial looms and with millions in damages on the line, prosecutors do not plan to go easy.

He thought he was ahead of the game. He believed he was smarter than the victims and smarter than the FBI. But in the end, it was his own ego that proved to be the downfall. He built an empire on deception and now he may spend all of his youth paying for it. And then there's Ahmed El-Badawi, the cyber heist that shook the US. For two years, Ahmed and his crew operated in the shadows.

Silent, calculated, untouchable, using nothing but words and deception. They infiltrated corporate networks, stealing millions and leaving no digital trace behind. But in November 2024, their luck ran out. U.S. prosecutors unsealed charges exposing their intricate phishing scheme that siphoned off millions in cryptocurrency and wreaked havoc on American companies. The arrest

Host (25:43.693)
sent shockwaves through the cyber criminal world, another major blow to the elusive Scattered Spider hacking collective. So here is the scheme. It was a digital con game. Between September 2021 and April 2023, Ahmed and his team played a dangerous game of deception. Their method was simple yet devastatingly effective. A fake warning. Step one.

Employees at high profile US companies received an urgent text via SMS: "Your account will be deactivated. Click the link to verify your credentials." It was that simple. Let me repeat it: "Your account will be deactivated. Click the link to verify your credentials." The trap: the link led to a fake website, a near perfect replica of the company's login page.

Then the takeover happened. Once the employees entered their usernames and passwords, Ahmed's team seized control. Corporate data stolen. Internal systems breached. Cryptocurrency accounts drained. For months, their operation ran like clockwork, breaching company after company until stolen funds reached the millions. And then came the arrest and the web that caught them.

Ahmed wasn't working alone. He and his co-defendants, each a skilled hacker in their own right, helped execute one of the most prolific cybercrime, cyber fraud, operations in recent history. So among them was Noah Michael Urban, 20 years old from Palm Coast, Florida. He was already arrested for an $800,000 crypto heist. There was Evans Onieka Osiobo,

20 from Dallas, Texas, Joel Martin Evans, 25 from Jacksonville in North Carolina, and Tyler Robert Buchanan, Tyler B., the head of Scattered Spider, 22 from the United Kingdom, the alleged mastermind behind multiple cyber intrusions. With Ahmed at the center, they formed a highly organized cybercrime ring that exploited human psychology

Host (28:08.737)
just as much as digital vulnerabilities. But when the FBI closed in, it was over. The charges and what comes next. So now, Ahmed faces the full weight of the US justice system. He's charged with conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. With each wire fraud charge carrying up to 20 years in federal prison,

Ahmed and his crew could be looking at decades behind bars. The case is a warning that cybercrime isn't just about stolen passwords and hacked accounts. It's about real world consequences. As legal proceedings continue, Ahmed and his co-defendants are presumed innocent until proven guilty in a court of law. These are more than just high profile takedowns. It's a message being sent to other members of the Comm

and to Scattered Spider. Scattered Spider is the most sophisticated hacking group in the world, known for brutal cyber attacks like MGM Resorts, Caesars, Coinbase, Twilio, and LastPass. But for now, law enforcement is catching up. The cyber criminals that once lurked in the shadows are finding themselves in courtrooms facing justice. Now the only thing left is the countdown to sentencing.

One of the other remaining Scattered Spider leaders that has been taken down recently is a 17-year-old hacker whose name hasn't been released because of his age. But he was at the center of the MGM cyber attack investigation. In July 2024, this 17-year-old from Walsall, England, found himself in the crosshairs of an international cybercrime takedown.

His alleged crime: helping orchestrate the cyber attack that crippled MGM Resorts. The arrest, carried out by West Midlands Police with the support of the National Crime Agency and the FBI, is part of a global effort to dismantle a notorious hacking collective known for ransomware attacks and corporate extortion, namely the Comm and its spin-off, Scattered Spider. Now

Host (30:34.537)
investigators dig into his seized devices, the suspect is out on bail and his future hangs in the balance. Authorities believe this Walsall teenager is linked to the MGM breach itself. The modus operandi that he used and that Scattered Spider would use is what we've described. Social engineering, tricking employees into handing over access, and then

partnering with Russian ransomware gangs once they get in to deploy ransomware and lock up corporate networks and demand massive payouts. And then the financial extortion, holding the sensitive data hostage for millions of dollars in cryptocurrency. The West Midlands Police made one thing clear. They said, quote, "We will find you. It's simply not worth it." Unquote.

So what happens next? For now, that teen remains out on bail, but the investigation is far from over. Law enforcement is meticulously analyzing his computers, his phones, and other seized devices to determine his exact role in the MGM breach. As cyber criminals get younger and their methods more advanced, this case serves as a wake-up call that law enforcement is adapting and nowhere is truly safe to hide. One question remains.

Will the 17-year-old be the next hacker to face justice? Or will the digital underworld find a way to protect its own? So let's talk about Scattered Spider's casino heist. In 2023, Scattered Spider shifted its focus to target higher stakes targets, casinos. The group infiltrated MGM Resorts International and Caesars Entertainment using its signature weapon, social engineering.

Disguising themselves as employees, they manipulated the help desk staff into granting them access, which then allowed them to bypass security protocols and seize control of internal systems. The result? A catastrophic breach that paralyzed MGM's operations and forced Caesars to pay a staggering $15 million ransom to protect the stolen data. So originally known for

Host (32:58.999)
hacking telecom companies, Scattered Spider expanded its reach into critical infrastructure and major corporations. Their collaboration with the Russian ransomware syndicate, particularly ALPHV, which is Black Cat, supercharged their capabilities, allowing them to execute devastating cyber attacks on some of the biggest names in hospitality. Scattered Spider isn't just another criminal group. It's highly skilled, elusive,

and they operate as a collective with deep experience in cloud computing and enterprise security. They've conducted Microsoft Azure and cloud reconnaissance. They navigate corporate cloud environments powered by Google Workspace and AWS, gathering intelligence before striking. They leverage what's called living off the land. They leverage legitimate remote access tools. Instead of relying on traditional malware, they use

real IT tools to blend in with normal operations, making detection nearly impossible. And then they're decentralized and they have an adaptive structure. Despite multiple law enforcement crackdowns, Scattered Spider's fluid and anonymous network keeps it alive and one step ahead of authorities for right now. The MGM breach was more than a cyber attack. It was a warning. Cyber criminals are evolving,

leveraging deception, psychology, and insider knowledge to breach the most secure organizations. As they continue to reinvent themselves and evade capture, one thing is clear. The war between cybercrime and global corporations is far from over. On September 11th, 2023, Scattered Spider launched this meticulously crafted attack against MGM,

and they exploited one of the weakest links in cybersecurity, human trust. Their weapon of choice was social engineering. Impersonating MGM employees, the hackers actually called the company's IT help desk. Armed with details that they had about the people they were impersonating from social media and open sources, things like LinkedIn, they sounded credible and requested password resets.

Host (35:25.997)
The unsuspecting support staff, it is a help desk, literally trying to help is baked into the name, granted them access, unwittingly handing over the keys to MGM's internal network. But this wasn't an isolated incident. Caesars, as we mentioned, also fell victim to the same tactics. The hackers bypassed multi-factor authentication by tricking employees into revealing login credentials and one-time passwords,

called OTPs. Scattered Spider members even claimed that they targeted MGM because the company had caught them trying to rig slot machines. That was why they launched the attack against MGM. Because they tried to rig slot machines and just make quick cash. The company was so good at security that they caught them there doing that. So they went back with a vengeance. Scattered Spider and the Comm have really

They use phone calls, text messaging, they steal employee credentials for unauthorized access, they trick workers into installing remote access software, they convince employees to share OTPs, bypassing security protections, they spam victims with endless multi-factor authentication notifications leading to what's called multi-factor authentication fatigue and getting accidental approvals.

and getting entry unauthorized into the system. Even cellular carriers haven't been safe with the COM and with Scattered Spider. The group successfully hijacked phone numbers through SIM swapping, gaining control over accounts and security verifications. In the case of MGM, once they got inside, Scattered Spider had moved fast. They escalated privileges, they explored the infrastructure looking for weaknesses,

They disrupted operations. They took down reservation systems, disabled digital room keys, and crippled casino floor functions. And then they forced a shutdown. MGM had to take systems offline to contain the breach, suffering massive financial and reputational damage. For Scattered Spider, access equals profit. Your tactics don't just disrupt operations. They turn stolen data and network access

Host (37:54.933)
into cash, the extortion via ransomware and data theft for financial gain. And the notable aspect of the breach involving MGM and Caesars was that Scattered Spider collaborated with the Russian ransomware group known as ALPHV BLACK CAT. The partnership combined Scattered Spider's adept social engineering capabilities with ALPHV's sophisticated ransomware tools. Such alliances represent a concerning trend in cybercrime where groups with complementary skills unite to enhance the effectiveness of their attacks. The collaboration between these groups underscores the globalization of cyber threats. By pooling resources and expertise, they can launch more potent attacks, challenging traditional cybersecurity defenses and necessitating a reevaluation of the current protective measures that a business may have. In the wake of the attack, MGM Resorts faced not only immediate operational disruption, but also long-term challenges, including a whole host of legal actions and a decline in customer trust. When we talk about the combination of Scattered Spider with BLACK CAT, let me explain a little bit about BLACK CAT. So BLACK CAT gained notoriety for coding their ransomware in a user-friendly coding language called Rust. And it became very, very popular and they were the preeminent ransomware gang, right up there with LockBit, back in 2023 and early 2024. They operated very similar to other ones and that's the ransomware as a service, meaning one doesn't have to know how to code, they just need to be criminal and they use the platform, very similar to other SaaS programs, that will launch, track, provide services like the money laundering, the customer service, the negotiation, et cetera. And for initial access, oftentimes the ransomware groups rely essentially on stolen credentials that they could buy on the dark web through what's called initial access brokers. Then they operate a public leak

Host (40:21.709)
data site where they publish the extorted data should somebody not pay the ransom. So that's how it works as a double ransom. The group had targeted hundreds of organizations worldwide, including Reddit in 2023 and the largest health care breach, CHANGE HEALTHCARE, in 2024. Since then, they have vanished. So what happened is, as of February 2024, the US Department of State was offering rewards of up to $10 million for any leads that could identify or locate members of BLACK CAT, ALPHV, any of those gang leaders. In March 2024, a representative for BLACK CAT said that the group was shutting down in the aftermath of the Change Healthcare ransomware attack. As of early 2025, the entire ransomware gang of BLACK CAT apparently disappeared. But here's the backstory there. In early 2024, BLACK CAT ransomware became embroiled in significant controversy involving an alleged exit scam and internal disputes with their affiliates. See, the heads of the ransomware gangs hired these independent contractors, these digital mercenaries, which are called affiliates. And that affiliate is the one who breached Change Healthcare using the software and the platform of BLACK CAT. The situation centered around a substantial ransomware payment that Change Healthcare had paid. It paid $20, $25 million to BLACK CAT. BLACK CAT then closed up shop and disappeared. The issue is this: the affiliate hadn't been paid his cut. They usually split it 70/30, 60/40, 80/20, et cetera. And they disappeared. They did an exit scam. They closed up shop, disappeared off the internet and never paid the person that did it. The problem is Change Healthcare had paid BLACK CAT the $20, $25 million in exchange for the data being deleted. But guess what? The affiliate

Host (42:48.237)
still had the data. So he went back and contacted Change Healthcare. He joined another ransomware gang called RansomHub. And then he knocked on the door of Change Healthcare and said, hey, I still have your data. So the same thing applies. And they're like, no, no, no, we've paid BLACK CAT. And he's like, I don't care. Like, they didn't delete your data. I have a copy of your data. So I'm going to do the same thing. And that is ongoing. There's a lot of reports that they had to pay twice, but those are not part of this episode for discussion. The ransomware service model that was employed by BLACK CAT is responsible for infiltrating various, scratch that last piece. So historically, ransomware groups have been known to shut down and rebrand in order to evade law enforcement and to continue their activities under a new identity. Given BLACK CAT's lineage, with connections with previous groups like BlackMatter and DarkSide, there's speculation that the group will re-emerge in a different form. Concurrently, disgruntled affiliates feeling betrayed by BLACK CAT's exit scam may seek alternate platforms, like this one affiliate did by joining and founding RansomHub, and form new alliances to continue their operations. As for Scattered Spider and the COM, today they remain online, hiding in plain sight. Despite multiple arrests, their decentralized nature, the decentralized aspect of the COM, makes it nearly impossible to eradicate them completely. As cyber defenses improve, so too do the tactics that cyber criminals use. With the rise of generative AI and evolving cyber threats and cyber crime methods, groups like Scattered Spider continue to adapt, staying one step ahead of authorities. The COM and its affiliates remain active, continually adapting to evade detection.

Host (45:12.225)
My question to you is could you know them? Could you be working with them? Could you be hanging out with them? And maybe not even realize.

Host (45:24.173)
Well that wraps this up. Thank you for joining us. We hope you enjoyed our episode. The next one is coming right up. We appreciate you making this an award-winning podcast and downloading on Apple and Spotify and subscribing to our YouTube channel. This is Cybercrime Junkies and we thank you for watching.
