A 17-year-old from Walsall has been taken into custody by British law enforcement on suspicion of being a member of the infamous Scattered Spider cybercrime ring.
The arrest was made “in connection with a global cyber online crime group which has been targeting large organisations with ransomware and gaining access to computer networks,” West Midlands police said. “The arrest is part of a global investigation into a large-scale cyber hacking community which has targeted a number of major companies which includes MGM Resorts in America.”
A little more than a month has passed since the teen’s arrest, which was conducted in cooperation with the U.K. National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI). Another 22-year-old member of the e-crime gang from the U.K. was also apprehended in Spain.
Born out of a loose group named The Com, Scattered Spider is now an affiliate and initial access broker that distributes ransomware families such as BlackCat, Qilin, and RansomHub. The attackers have shifted to using encryptionless extortion operations to steal data from software-as-a-service (SaaS) applications, according to a recent study from Mandiant, a company owned by Google.
The development coincides with the Department of Justice’s announcement that Scott Raul Esparza, 24, of Texas, has been sentenced to nine months in jail for operating Astrostress, a distributed denial-of-service (DDoS) attack service, between 2019 and 2022. After serving his sentence, Esparza will likely serve two years of supervised release. Earlier in March, he entered a guilty plea to the charges.
“Customers of Astrostress.com were offered various levels of subscriptions – depending on how many attacks they wanted to conduct and with what power – and were charged accordingly,” the Department of Justice stated. “This site thus enabled co-conspirators worldwide to set up accounts on Astrostress.com and then use the Astrostress.com resources to direct attacks at internet-connected computers around the globe.”
Esparza, who obtained the attack servers and maintained the service, is said to have worked with Florida resident Shamar Shattock, 21. Shattock entered a guilty plea in March 2023 and could spend a maximum of five years in jail.
It also follows the U.S. Treasury Department's imposition of sanctions on Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of CyberArmyofRussia_Reborn (CARR), a hacktivist persona associated with the well-known Russia-based Sandworm (also known as APT44) group, for their involvement in cyberattacks directed at the nation’s critical infrastructure.
Pankratova, also known as YUliYA, is thought to be the group’s spokesperson and leader, while Degtyarenko, also known as Dena, serves as the group’s main hacker and is said to be responsible for breaking into an unidentified U.S. energy company’s Supervisory Control and Data Acquisition (SCADA) system.
The government's Office of Foreign Assets Control (OFAC) stated that CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the United States and Europe through a variety of simple methods.
In response to the sanctions, the Russian Embassy in the United States described the move as “another element of the propaganda campaign against Russia,” adding that “creating an impenetrable atmosphere of Russophobia is one of Washington’s favourite methods.” CARR, on its own Telegram channel, said: “Well, friends, this is a recognition. CELEBRATION FOR RUSSIA.”