A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain.
The suspect is suspected of being a leader of a cybercrime gang dedicated to stealing data and cryptocurrencies from organizations and then extorting them for not publishing sensitive data.
"The modus operandi consisted of obtaining access credentials from individuals through phishing techniques, which were then used to access companies and seize sensitive information or access the victims' cryptocurrency wallets and take them over," reads the police's announcement.
"The agents arrested him at Palma airport when he was about to leave Spanish territory on a charter flight to Naples."
According to the investigators, the particular threat group stole $27,000,000 worth of cryptocurrencies using the above scheme.
The arrest of the threat group leader resulted from an investigation that started following a tip from the FBI that the individual was in Spain.
After the FBI received an International Arrest Warrant (OID), the Spanish police arrested the cybercriminal on May 31, 2024, at the Palma airport, as he was about to leave for Naples, Italy.
During the arrest, his laptop and mobile phone were also confiscated to be examined by forensic investigators for incriminating evidence.
Links to Scattered Spider
Though the authorities have not yet shared details about the threat group the suspect is associated with, VX-Underground alleges without substantiating that he is "Tyler," a SIM swapping specialist from the notorious Scattered Spider group.
Brian Krebs reports that sources familiar with the investigation said that "Tyler," also known as "tylerb,” is commonly seen on Telegram channels focused on SIM-swapping.
Scattered Spider, also known as 0ktapus or UNC3944, is an ever-evolving loose-knit collective of English-speaking cybercriminal group known for using social engineering, phishing, multi-factor authentication (MFA) fatigue, and SIM swapping to access their targets' networks.
What made some of the members of this group stand out was their participation as an affiliate with the Russian-speaking BlackCat ransomware gang.
In September 2023, it was revealed that Scattered Spider had breached the entertainment giant MGM Resorts, deploying a BlackCat/ALPHV encryptor, stealing data, and causing severe operational disruption to the company's business.
The Spanish police's description of the cyber-activities, suspect's age, and origin match the profile of Scattered Spider members, and the described tactics resemble those associated with the threat group. However, the connection hasn't been officially established.