Four alleged members in the United Kingdom this week “Scattered spider“A huge data theft and forced recovery group whose recent victims include several airlines and UK retail chains Marks and Spencer,
Scattered Spider is a name given to an English -speaking cyber crime group, known for using social engineering strategy, which helps to break the companies and steal data for ransom, often to deliver it to cheat employees or contractors. FBI Last month warned that the scattered Spider recently shifted companies to target companies in retail and airline areas.
UK National crime agency (NCA) verified the names of those arrested, Saying Only that he included two men aged 19 years, another 17 years old, and a 20 -year -old woman. The NCA said that the defendants were charged in a cyber attack against UK retailer Marx and Spencer. HarodsAnd British food retailer Co-group group,
Krebsonsecurity has learned the identity of two 19 -year -old suspects. Several sources close to the investigation said that the arrested people are included Owen david flowerA UK person alleged that cyber infiltration and ransomware attacks were involved in many shutdowns. MGM Casino Properties in September 2023. The same sources said that the arrested woman or recently was in a relationship with flowers.
Sources told Krebssnasurity that the flowers, which were reportedly handled by hackers “BO764,” “holy,” and “Nazi”, were group members, who had interviewed the media anonymously in the following days after MGM Hack. His real name was released from the story of September 2024 about the group as he was not yet accused in that incident.
The large fish mesh in the form of a scattered spider Thalha ZubairA UK person whose alleged adventures under various monichers are well documented in stories on this site. Zubair is believed to have used the surname “Earth2Star“Which matches a founding member of the cybercrime-centric telegram channel”Star fraud chat,
In 2023, krebsonsecurity published an investigation into the work of three different sim-swapping groups, which inflated credentials from T-Mobile Employees and used the access that can be swapped to any T-Momile phone number on a new device. Star Chat was the most active and resulting of three sim-swapping groups so far, which collectively broke more than 100 times in the second half of 2022 in T-Mobile networks.
Zubair allegedly used the handle “Earth2STAR” and “Star Ace” and was a chief member of a hopper SIM-Swapping group operated in 2022. Star Ace posted this image on the Star Fraud Chat Channel on Telegram, and it lists various prices for SIM-Swap.
Sutra Krebsonsecurity states that Zubair was also a chief member Lapsus $ Cybercrime Group that broke into dozens of technology companies in 2022, stealing other internal data from source codes and technical giants Microsoft, Nvidia, Okata, Rockstar Games, Samsung, T MobileAnd Uber,
In April 2022, Krebsonsecurity published internal chat records from Lapsus $, and those chats indicated that Zubair was using the surname Amtrack And SyntaxAt a point in chat, Emerarak told Lapsus $ Group Leader that he did not have to share T-Mobile logo in the pictures sent to the group as he was exposing for sim-swapping earlier and his parents would suspect that he had returned again.
As shown in those chats, the leader of the Lapsus $ finally decided to cheat his real name, phone number, and other hackers in a public chat room on Telegram and cheated on Emetrack.
In March 2022, the Lapsus $ data forcible recovery group leader exposed the name and hacker of Thalha Zubair in a public chat room on Telegram.
This story about leaked lapsus $ chat is related to AMTRAK/Asyntax/Jubair. “EverlinanThe founder of a cyber criminal service selling fake “emergency data requests”, which targets major social media and email providers. In such schemes, hackers compromise on email accounts tied to police departments and government agencies, and then cannot wait for a court order, as it cannot wait for a Uruda.
Now-difiction “Infinity Recursion” has a roster of the hacking team, some of which Lapsus $.
Sources say that Zubair also used the surname “Operator“And recently he was the administrator DoxbinA long -running and highly toxic online community that is used for “doors” or posts deeply individual information on people. In May 2024, several popular cybercrime channels on Telegram ridiculed the operator, as it was revealed that they staged their own kidnapping in a bottled plan to throw law enforcement investigators.
In November 2024, US authorities accused five men between the ages of 20 to 25 in relation to the scattered Spider Group, which depends on the recruitment of minors to complete their most risky activities for a long time. Indeed, many main members of the group were admitted to online gaming platforms such as Roblox and Minecraft in their early adolescence, and have been fulfilling their social engineering strategy over the years.
“There is a clear pattern that some of the most dangerous actor with the first threat actors joined the cybercrime gang at an extraordinaryly young age,” Elison NixonChief Research Officer in New York -based security firm Unit 221B“Cyber criminal requires serious intervention and monitoring arrested at 15 or less age to monitor a year long large scale growth.”
