A 23-year-old Scottish man accused of being a key player in the notorious Scattered Spider cybercrime group has been extradited to the United States from Spain.
Tyler Buchanan was arrested last year in Palma de Mallorca, when he was about to leave the country for Naples on a chartered flight and now faces multiple federal charges, including conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. He appeared in a California federal court last week and remains in custody.
Prosecutors allege Buchanan was part of a sophisticated hacking ring that infiltrated numerous American companies, including four major telecommunications providers and a cryptocurrency firm, by tricking employees into handing over login credentials. Once inside corporate systems, the hackers allegedly accessed sensitive customer data and tools used to intercept communications, with the aim of draining cryptocurrency accounts.
According to court documents, the group targeted at least 29 individuals and netted tens of millions of dollars in stolen cryptocurrency. Victims were often selected based on the value of their online holdings and then phished using personalized links to compromise their financial accounts.
Buchanan is one of five individuals charged in the indictment. Other defendants include Noah Urban of Florida, Joel Evans of North Carolina, and Texas residents Ahmed Elbadawy and Evans Osiebo. All are accused of being members of Scattered Spider (also tracked as UNC3944, Scatter Swine, and Muddled Libra), a cybercriminal collective linked to a wave of high-profile digital intrusions.
Notable breaches attributed to Scattered Spider include cyberattacks on Riot Games, MGM Resorts International, Caesars Entertainment Inc., and cryptocurrency exchange Coinbase Global Inc.
The hacker group first emerged in late 2022 and consists of members from the United States and the United Kingdom. Noah Urban, a leader of the collective, known as “King Bob,” pleaded guilty earlier this month to federal charges tied to a string of cyberattacks on major US companies.
