"Buchanan admitted to conducting SMS phishing attacks, bombarding a victim company's employees with hundreds of messages linking to phishing sites designed to harvest credentials and personally identifiable information (PII)."
"Using the stolen information, Buchanan and his co-conspirators accessed the employees' accounts and the victim company's systems, stealing sensitive information such as intellectual property, PII, credentials, and confidential documents."
"To access the wallets and bypass multi-factor authentication (MFA), the conspirators relied on SIM swapping, which involves reassigning the victim's phone number to a SIM card under the attackers' control."
"In April 2023, law enforcement found at Buchanan's Scotland residence a device containing the names and addresses of multiple victims, as well as a file containing cryptocurrency seed phrases and login information for a victim account."
Tyler Robert Buchanan, a 24-year-old from Dundee, Scotland, pleaded guilty to conspiracy to hack into numerous companies and steal millions in cryptocurrency. Arrested in June 2024, he was charged in the US for his involvement with the hacking group Scattered Spider. Buchanan conducted SMS phishing attacks to harvest credentials and personally identifiable information. He and his co-conspirators accessed employee accounts, stealing sensitive information and at least $8 million in cryptocurrency. They used SIM swapping to bypass multi-factor authentication and intercept two-factor authentication codes.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]