Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain

The alleged leader of the Scattered Spider hacker collective, accused of a series of high-profile incidents, has reportedly been arrested in Spain.

Spanish newspaper Murcia Today reported that a 22-year-old British man was arrested at Palma airport as he prepared to board a flight to Italy, as part of a joint operation between the Spanish police and the FBI.

The man's name has not been officially released by Spanish authorities and no charging documents have been unsealed in the United States.

Scattered Spider poses a unique challenge to law enforcement, structured more as a collective than other money-motivated threat groups, such as Russian-based cybercrime organizations.

“Law enforcement has reached another major milestone with this arrest,” said Rafe Pilling, director of threat intelligence at Secureworks Counter Threat Unit. “There is still a long way to go, but the blows continue to fall against cybercriminal gangs.”

Hackers have been blamed for a crippling 2023 cyberattack on casino giant MGM Resorts, which, in addition to its namesake, operates several Las Vegas properties including the Mandalay Bay, the Bellagio, the Cosmopolitan and the Aria.

For days, everything from slot machines to restaurant management systems to room access cards was shut down because of the attack. The attack cost the company about $100 million, it told the Securities and Exchange Commission.

The hackers notoriously deployed social engineering to gain access to their target networks, including swapping SIM cards and sending phishing text messages – a technique that allegedly helped the collective gain access to the computer networks of Coinbase, Twilio, Mailchimp and LastPass.

This follows the arrest of another suspected hacker affiliated with the group, Noah Urban, 19, in Florida in January.

“These groups have long felt untouchable, obscured by the complexities of the Internet and the anonymity it offers, but this is changing,” Pilling added. “What's interesting here is that the alleged perpetrators are operating from the UK and US where, unlike Russian-speaking groups, law enforcement can reach them. »

Learn more.