A British man, believed to be the leader of the Scattered Spider cybercrime collective, has pleaded guilty in the United States to charges of wire fraud and aggravated identity theft.

In November 2024, U.S. prosecutors accused 24-year-old Tyler Robert Buchanan and four other suspects of stealing at least $8 million in cryptocurrency after hacking at least a dozen companies through text-message phishing attacks between September 2021 and April 2023.

The list of breached organizations includes companies from a wide range of industries, such as entertainment, telecommunications, technology, business process outsourcing (BPO), and information technology (IT) suppliers, as well as cloud communications providers, virtual currency providers, and individuals.

"As part of the scheme, Buchanan and his co-conspirators conducted Short Message Service (SMS) phishing attacks by sending hundreds of SMS phishing messages to the mobile telephones of a victim company's employees. The messages purported to be from the victim company or a contracted IT or BPO supplier for the victim company," the Justice Department said on Friday.

"The SMS phishing messages contained links to phishing websites designed to look like legitimate websites of a victim company or a contracted IT or BPO supplier. The websites then lured the recipient into providing confidential information, including personal identifying information (PII), and account usernames and passwords."

According to court documents, they used the stolen information to hijack the victims' email accounts in SIM swap attacks, allowing them to gain control of their phone numbers and virtual currency wallets and transfer millions to wallets they controlled.

Buchanan was arrested in June 2024 in Palma de Mallorca, Spain, has been in U.S. federal custody since April 2025, and will be sentenced on August 21, 2026, facing a statutory maximum sentence of 22 years in prison.

Three of his accomplices (Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans) were also charged in November 2024 with wire fraud, wire fraud conspiracy, and aggravated identity theft and are facing up to 20 years in federal prison if found guilty.

Noah Michael Urban (known online as Sosa and Elijah), a fourth conspirator and another key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in prison after pleading guilty to wire fraud and conspiracy charges one year ago.

The Scattered Spider hacking collective

Also tracked as 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra, the Scattered Spider gang is a loose-knit group of English-speaking threat actors (as young as 16) that orchestrates attacks using Telegram channels, Discord servers, and hacker forums.

According to the FBI, they're using various tactics to breach corporate networks, including social engineering, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping.

Some Scattered Spider members are also believed to be part of "the Com," another hacking collective linked to violent incidents and cyberattacks. 

Since the start of 2023, Scattered Spider has also partnered with several Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub.

In July 2024, UK police also arrested another 17-year-old suspected Scattered Spider hacker, believed to have been involved in the 2023 MGM Resorts ransomware attack. Other high-profile attacks linked to this cybercrime group include breaches at Caesars, Riot Games, MailChimp, Twilio, DoorDash, and Reddit.