ADVERTISEMENT

Business

Scattered Spider Teen Hacked Telecoms to Spam Victims, US Says

A computer mouse Photographer: Andrey Rudakov/Bloomberg (Andrey Rudakov/Photographer: /Bloomberg)

(Bloomberg) -- US prosecutors unsealed charges against an alleged teenage hacker who worked with a notorious cybercrime crew to break into telecommunications firms, providing new insights into the vulnerabilities of critical infrastructure providers. 

Remington Ogletree, 19, allegedly breached two telecoms and one American financial institution in order to exfiltrate their data and steal customers’ virtual currency to cause $4 million in damages, according to charges unsealed Wednesday. Ogletree is accused of working with Scattered Spider, a hacking gang that’s been tied to attacks on MGM Resorts International, Caesars Entertainment, Coinbase, Riot Games Inc. and others. 

The teenager is accused of compromising two unnamed telecoms, then abusing that access to send text phishing links to millions of people in an attempt to steal a vast amount of cryptocurrency. Ogletree allegedly targeted specific customers and accessed telecom systems related to managing inbound and outbound calls and text messages, according to court records. 

The case is the latest to illuminate how hackers have targeted telecoms for purposes ranging from cybercrime to digital espionage.

US officials have urged American firms in recent days to toughen their security measures after state-sponsored Chinese hackers targeted multiple phone companies to try spying on President-elect Donald Trump, Vice President-elect JD Vance and others within politics and government. Those hackers are continuing to linger inside corporate networks, months after breaking in, US officials said Tuesday. 

In unrelated schemes, scammers also have targeted telecom employees, bribing them to provide access to specific customers’ phone numbers in order to take victims’ cryptocurrency, a technique called SIM-swapping.

In October 2023, Ogletree allegedly duped a US-based employee at a European telecommunication provider and gained access to customer accounts, allowing him to send 8.5 million phishing texts to customers across the country. To recipients, the texts appeared as if they came from a cryptocurrency exchange that was alerting them to a reimbursement, according to court documents. Other fake messages seemed to be from video game companies offering a reward.  

In addition to the two telecommunication companies, Ogletree is also accused of breaking into a US-based financial organization after fooling 12 employees into giving him access to their accounts, allowing him to steal sensitive financial information. 

Five alleged members of Scattered Spider were charged by prosecutors in a hacking spree that resulted in the theft of sensitive data and at least $11 million in cryptocurrency, according to an indictment unsealed last month. UK police in July arrested a 17-year-old in the West Midlands for his alleged role in Scattered Spider.

©2024 Bloomberg L.P.