Authorities in the U.K. have detained a 17-year-old boy from Walsall suspected of being involved with the notorious Scattered Spider cybercrime syndicate.
According to West Midlands police, “This arrest is linked to a global cybercrime group that has been targeting large organizations with ransomware and infiltrating computer networks. It is part of an extensive investigation into a major cyber hacking community that has attacked several prominent companies, including MGM Resorts in America.”
The operation was conducted in collaboration with the U.K. National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI), following the arrest of another syndicate member, aged 22, in Spain over a month ago.
Expanding Cybersecurity Threats
Scattered Spider, an offshoot of a loosely connected group known as The Com, has become an initial access broker and affiliate, distributing ransomware families such as BlackCat, Qilin, and RansomHub. A recent report by Google-owned Mandiant indicated the group’s shift towards encryptionless extortion attacks, focusing on stealing data from software-as-a-service (SaaS) applications.
In a related incident, Scott Raul Esparza, 24, from Texas, was sentenced to nine months in prison for running a distributed denial-of-service (DDoS) attack service called Astrostress between 2019 and 2022. Esparza, who pleaded guilty to the charges in March, will serve two years of supervised release after his prison term.
The Department of Justice (DoJ) noted, “Astrostress.com offered various subscription levels based on the number and intensity of attacks, allowing co-conspirators worldwide to use its resources to launch attacks on internet-connected computers globally.”
Esparza managed the attack servers and service alongside Shamar Shattock, 21, from Florida, who faces up to five years in prison after pleading guilty in March 2023.
Additionally, the U.S. Treasury Department has sanctioned Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, members of CyberArmyofRussia_Reborn (CARR), a hacktivist group linked to the Russia-based Sandworm (aka APT44) group, for cyber attacks on critical infrastructure.
Pankratova (aka YUliYA) is identified as CARR’s leader and spokesperson, while Degtyarenko (aka Dena) is the primary hacker, allegedly responsible for compromising a Supervisory Control and Data Acquisition (SCADA) system at an unnamed U.S. energy company.
The Office of Foreign Assets Control (OFAC) stated, “Using various unsophisticated techniques, CARR has manipulated industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe.”