The US Department of Justice has indicted five individuals allegedly tied to the notorious cybercrime gang Scattered Spider. The suspects, accused of orchestrating multimillion-dollar cryptocurrency thefts and high-profile cyberattacks, now face charges that could land them in prison for decades.

The suspects named in the indictment are: Ahmed Hossam Eldin Elbadawy (23), aka ‘AD’, of College Station, Texas; Noah Michael Urban (20), aka ‘Sosa’ and ‘Elijah,’ of Palm Coast, Florida; Evans Onyeaka Osiebo (20), of Dallas, Texas; Joel Martin Evans (25), aka ‘joeleoli,’ of Jacksonville, North Carolina; Tyler Robert Buchanan (22), of the United Kingdom.

Urban was arrested in January on fraud charges, while Evans was apprehended earlier this week in North Carolina. Buchanan, considered a key leader of the group, was arrested in Spain in June. Scottish police raided Buchanan's home in 2023, discovering around 20 electronic devices, some of which contained phishing kits designed to transmit stolen data to a Telegram channel.

Court documents allege that Buchanan registered phishing websites, managed a Telegram coordination channel, and stole credentials that enabled the gang to compromise systems and cryptocurrency wallets. In one instance, the group stole 98.5 bitcoin, valued at $9.2 million.

Scattered Spider is suspected of executing high-profile attacks on MGM Resorts, Caesars Entertainment, and identity services provider Okta. Using SMS phishing and social engineering, the group allegedly launched a multi-year campaign to harvest credentials, compromise corporate systems, and siphon funds from cryptocurrency wallets.

Each suspect faces charges of conspiracy to commit wire fraud, conspiracy to commit identity theft, and aggravated identity theft—offenses carrying potential sentences of up to 20 years each. Buchanan faces an additional wire fraud charge, which could extend his sentence by another 20 years.

The DoJ also announced actions against PopeyeTools, a notorious online marketplace for stolen financial data and cybercrime tools. Three administrators—Abdul Ghaffar (25), Abdul Sami (35), and Javed Mirza (37)—were charged with conspiracy to commit access device fraud and related offenses.

Authorities seized three domain names hosting the marketplace and confiscated $283,000 in cryptocurrency from Sami's account. Active since 2016, PopeyeTools facilitated the sale of sensitive information belonging to at least 227,000 individuals, generating $1.7 million in illicit revenue.

If convicted, Ghaffar, Sami, and Mirza face up to 10 years in prison for each offense.