Team CryptoInsightfull 
An alleged member of the hacking group Scattered Spider has been charged with carrying out phishing attacks on telecommunications companies and a financial institution.
Remington Ogletree, a 19-year-old resident of Texas and Florida, is at least the sixth alleged member of the group to have federal charges filed against them in recent months. The hacking collective drew international attention last year over its paralyzing cyberattacks on casino giants MGM Resorts and Caesars Entertainment, and their social engineering attempts have breached the computer networks of Coinbase, Twilio, Mailchimp and LastPass.
The group is believed to be an offshoot of a pool of cybercriminals who dubbed themselves “the Community,” or “the Com.”
According to a recently unsealed criminal complaint, from at least October 2023 through May 2024, Ogletree “perpetuated a scheme to defraud in which he called and sent phishing messages to U.S.-and foreign-based company employees to gain unauthorized access to the companies’ computer networks.”
He is charged with wire fraud and identity theft and was released on $50,000 bail. His victims suffered more than $4 million in losses as a direct result of his scheme, prosecutors allege.
In October 2023, an employee of an unnamed U.S.-based telecom company received a call from someone impersonating IT support who “pressured” them to click a link sent by text message, according to the complaint. The employee did so and then entered their username and password when prompted. With those credentials, Ogletree allegedly stole confidential customer data, including customer API keys, which he then used to access customer accounts and send out some 8.5 million phishing texts with messages designed to steal cryptocurrency.
That same month, he allegedly targeted 149 employees at a financial institution phishing text messages that redirected them to a website impersonating their employer. Twelve accounts were successfully breached.
A third victim company, a telecom provider in Europe, was breached through impersonation phone calls that duped an employee into entering their credentials. Ogletree then allegedly impersonated the employee to gain further access to the company’s networks and stole confidential information. Several months later, the company’s network was used to send out 140,000 phishing messages, according to the complaint.
Ogletree was initially interviewed by the FBI in February at his home in Fort Worth where he allegedly told agents he knows “key Scattered Spider members.” He went on to explain that the group targets Business Process Outsourcing (BPO) companies — third-party entities that provide specific services — and has hacked at least five large BPOs “because outsourcing companies they [sic] have less security.”
Ogletree also told agents that at the age of 12 he got involved with SIM-swapping, a type of scam where a hacker hijacks someone’s phone by tricking their mobile carrier into granting them access, but was arrested “like 6 months later.”
Several days after his FBI interview, Ogletree allegedly turned to a money laundering service, where he requested $75,000 in cash by mail in exchange for cryptocurrency. Unbeknownst to him, the service was part of an undercover FBI operation.
From a Telegram account investigators believe is owned by Ogletree, in October 2023 the 19-year-old bragged to the administrator of the money laundering service about his exploits, claiming to have earned “$300k past 24 hours” through an exploit against a cryptocurrency company. He suggested the launderer “hack internet service provider with lots of customer emails” in order to direct crypto customers to a “phishing site.”
“You can make $10m a year easily doing it if dedicated,” he allegedly told the administrator.
Recorded Future
Intelligence Cloud.
