Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate.
The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of a global investigation into a large-scale cyber hacking community which has targeted a number of major companies which includes MGM Resorts in America."
The teen's arrest, carried out in coordination with the U.K. National Crime Agency (NCA) and the U.S. Federal Bureau of Investigation (FBI), comes a little over a month after another member of the e-crime gang, a 22-year-old from the U.K., was apprehended in Spain.
Scattered Spider, an offshoot of a loose-knit group called The Com, has evolved into an initial access broker and affiliate, delivering ransomware families like BlackCat, Qilin, and RansomHub. A recent report from Google-owned Mandiant revealed the attackers' pivot to encryptionless extortion attacks that aim to steal data from software-as-a-service (SaaS) applications.
The development comes as the DoJ announced the sentencing of Scott Raul Esparza, 24, of Texas, to nine months in prison, to be followed by two years of supervised release, for running a distributed denial-of-service (DDoS) attack solution named Astrostress between 2019 and 2022. He pleaded guilty to the charges earlier in March.
"Customers of Astrostress.com were offered various levels of subscriptions – depending on how many attacks they wanted to conduct and with what power – and were charged accordingly," the DoJ said. "This site thus enabled co-conspirators worldwide to set up accounts on Astrostress.com and then use the Astrostress.com resources to direct attacks at internet-connected computers around the globe."
Esparza, who procured the attack servers and maintained the service, is said to have collaborated with Shamar Shattock, 21, of Florida. Shattock faces up to five years in prison after pleading guilty in March 2023.
It also comes in the wake of sanctions imposed by the U.S. Treasury Department against Yuliya Vladimirovna Pankratova and Denis Olegovich Degtyarenko, two members of CyberArmyofRussia_Reborn (CARR), a hacktivist persona tied to the prolific Russia-based Sandworm (aka APT44) group, for engaging in cyber attacks targeting critical infrastructure in the country.
Pankratova (aka YUliYA) is believed to be the leader of CARR and its spokesperson, with Degtyarenko (aka Dena) working as the primary hacker for the group and allegedly responsible for the compromise of a Supervisory Control and Data Acquisition (SCADA) system of an unnamed U.S. energy company.
"Using various unsophisticated techniques, CARR has been responsible for manipulating industrial control system equipment at water supply, hydroelectric, wastewater, and energy facilities in the U.S. and Europe," the department's Office of Foreign Assets Control (OFAC) said.
Responding to the sanctions, the Russian Embassy in the U.S. called the move "another element of the propaganda campaign against Russia" and said that "creating an impenetrable atmosphere of Russophobia is one of Washington's favorite methods." In its own Telegram channel, CARR said, "Well, friends, this is a recognition. GLORY TO RUSSIA."
(The story was updated after publication to include responses from the Russian Embassy and CARR.)