Scattered Spider Member Pleads Guilty to $8M Crypto Theft via SMS Phishing and SIM‑Swap Attacks
What Happened – Tyler Buchanan, a 24‑year‑old Scottish national linked to the Scattered Spider (UNC3944/0ktapus) cybercrime group, pleaded guilty in U.S. federal court to conspiring to hack at least a dozen companies, run large‑scale SMS phishing campaigns, and steal roughly $8 million in cryptocurrency through credential theft and SIM‑swap attacks.
Why It Matters for TPRM –
- The case demonstrates how low‑cost SMS phishing can compromise corporate credentials and expose sensitive data.
- SIM‑swap techniques defeat MFA that relies on SMS one‑time codes, highlighting the need for stronger out‑of‑band authentication.
- Criminal actors leveraged stolen corporate data to target individual employees, expanding the attack surface beyond the breached organization.
Who Is Affected – Financial services, technology SaaS providers, and any enterprise that relies on SMS‑based MFA or stores cryptocurrency assets.
Recommended Actions –
- Review and replace SMS‑based MFA with hardware or app‑based tokens.
- Conduct phishing‑resilience training focused on SMS and social engineering.
- Audit third‑party access and enforce least‑privilege for credential use.
Technical Notes – The attackers used a custom SMS phishing kit to harvest login credentials, then performed SIM‑swap attacks to intercept one‑time codes and gain unauthorized access to crypto wallets. Stolen corporate data (intellectual property, personal identifiers) was also exfiltrated and shared on a Telegram channel.
Source: Security Affairs