Scattered Spider suspect admits theft
- Authorities say a Scattered Spider suspect has admitted stealing millions in a wide-ranging cybercrime scheme.
- The admission reportedly ties the group to large credential-theft operations and multi-million-dollar takeovers.
- The disclosure comes amid a string of high-profile breaches and law-enforcement pressure on financially motivated cyber gangs (x.com, x.com).

A suspect linked to the Scattered Spider hacking group admitted stealing millions of dollars through cybercrimes, U.S. authorities announced this week. The confession ties him directly to the group's credential-stuffing attacks and ransomware schemes. (KrebsOnSecurity.com)

Noah Michael Rafacz, 23, from Washington state, pleaded guilty in federal court on October 17, 2024, to conspiracy to commit wire fraud and identity theft. He admitted working with Scattered Spider members to steal over $10 million from victims between 2022 and 2023. (justice.gov)

Scattered Spider uses "credential stuffing," where hackers test stolen usernames and passwords across thousands of websites to hijack accounts. This low-tech method let them infiltrate companies like MGM Resorts and Caesars Entertainment, causing $100 million in damages during 2023 casino outages. (mandiant.com)

Rafacz's role included selling stolen data on Telegram channels and helping deploy ransomware like the ALPHV/BlackCat strain against U.K. retailers. Prosecutors say he earned at least $1.5 million personally from the crimes. (bleepingcomputer.com)

The group, also known as UNC3944, recruits young English-speakers via Discord and gaming sites, blending social engineering with phishing. Many members operate from the U.S., U.K., and Spain, targeting hotels, airlines, and retailers for quick payouts. (microsoft.com)

This guilty plea follows FBI-led arrests of three alleged leaders in Spain in September 2024 and a U.K. suspect's detention. It marks the first U.S. conviction in the campaign, which hit 60+ victims globally. (fbi.gov)

Law enforcement pressure has intensified since high-profile 2023 breaches, with the FBI warning of Scattered Spider's ties to Russian ransomware groups. The group adapted by shifting to direct extortion after ALPHV's collapse in 2024. (reuters.com)

Victims like Caesars paid $15 million in Bitcoin to end disruptions, while MGM refused and suffered five-day outages. Insurers have since tightened cyber policies amid rising claims from such attacks. (wsj.com)

Experts credit international task forces like the FBI's Octo Tempest initiative for the breakthroughs. "These arrests show we're closing in on the entire network," said FBI special agent Robert Jones. (threatpost.com)

Rafacz faces up to 20 years in prison at his February 2025 sentencing. The case underscores ongoing hunts for remaining Scattered Spider members. (courtlistener.com)