Five people have been named and charged as being part of a cyber-criminal operation and targeting users via SMS messages.

Of the five men, they range in ages from 20 to 25 and are based in Texas, Florida and North Carolina, with one based in Scotland.

They are alleged by the U.S Attorney's Office of targeting employees of companies nationwide with phishing text messages, using the credentials to log in and steal non-public company data and information, and to hack into virtual currency accounts to steal millions of dollars in cryptocurrency.

SMS Messages

Conducted between September 2021 to April 2023, the attacks were conducted by sending SMS messages to employees of the companies, claiming to be from the victim company, contracted information technology, or business services supplier of the victim company.

The phishing text messages often stated that the employees’ accounts were about to be deactivated and provided links to phishing websites where employees entered their credentials, and sometimes authenticated their identities using a two-factor authentication request sent to their mobile phones.

“The defendants allegedly preyed on unsuspecting victims in this phishing scheme and used their personal information as a gateway to steal millions in their cryptocurrency accounts,” said Akil Davis, the assistant director in charge of the FBI’s Los Angeles Field Office.

“These types of fraudulent solicitations are ubiquitous and rob American victims of their hard-earned money with the click of a mouse. I’m proud of our stellar cyber agents whose work led to the identification of the alleged schemers who are facing significant prison time if convicted.”

If convicted, each defendant would face a statutory maximum sentence of 20 years in federal prison for conspiracy to commit wire fraud, up to five years in federal prison for the conspiracy count, and a mandatory two-year consecutive prison sentence for aggravated identity theft.

Consequences

Charles Carmakal, Mandiant Consulting CTO - Google Cloud, said: “This is a nice win for law enforcement that over time has significantly hampered the group's fast-paced tempo this year. We hope this sends a message to the other actors they collaborate with that they aren't immune to consequences."

William Wright, CEO of Closed Door Security, called the efforts immense, as rather than using basic email phishing, the attackers also tracked an employee on LinkedIn and then contacted an IT helpdesk worker requesting a password reset. “Once the new password was secured, they then conducted an MFA fatigue attack which was enough to grant them with system access.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.