
Las Vegas police arrest minor accused of high-profile 2023 casino attacks

22 September 2025 at 15:37

A teenage boy suspected of participating in cyberattacks on multiple Las Vegas casinos in late 2023 was arrested last week. The Las Vegas Metropolitan Police Department said the minor turned himself in Wednesday at the Clark County Juvenile Detention Center, where he was booked on multiple charges.

The suspect, who is unnamed because he’s a minor, is charged with extortion, conspiracy to commit extortion, unlawful acts regarding computers and three counts of obtaining and using personally identifiable information to harm or impersonate another person.

Authorities did not describe the teenager’s alleged involvement in the cyberattacks, but they specifically linked the boy to the high-profile casino attacks attributed to Scattered Spider, which included devastating attacks on MGM Resorts International and Caesars Entertainment between August and October 2023.

The attacks brought multiple casino properties owned by MGM Resorts International to a standstill, resulting in $100 million in lost revenue and $10 million in one-time expenses related to response and recovery, the company said in a regulatory filing. Caesars reportedly paid a $15 million extortion demand at the time, which it alluded to in a regulatory filing.

The minor suspected of participating in these attacks surrendered himself to authorities one day after two teenagers — Thalha Jubair, 19, of London, and Owen Flowers, 18, of Walsall, England — were arrested in the United Kingdom for their alleged involvement in many attacks attributed to Scattered Spider. 

Scattered Spider, an unbound cybercrime collective composed of young, native English-speaking people, is responsible for at least 120 cyberattacks since 2022, according to officials. Threat researchers pin many high-profile cyberattacks on the cunning threat group, including a more recent spree of attacks on Marks & Spencer in the United Kingdom, United Natural Foods, WestJet and Hawaiian Airlines.

The nebulous offshoot of The Com is notorious for using social engineering and phishing to break into critical infrastructure and business networks. Researchers said multiple people are typically involved in these attacks, providing specific technical, social engineering and extortion skills to accomplish their objectives.

The Justice Department last week said Scattered Spider was responsible for extortion attacks on 47 U.S.-based organizations from May 2022 to September 2025, adding that victims of those attacks paid at least $115 million in ransom payments.

Cybercrime experts are unsure about the identity of the teenager arrested in Las Vegas or the specific crimes he allegedly committed. “I wasn’t previously aware of a local [resident] that assisted with that hack,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop.

“It is within the typical [modus operandi] of that group to recruit local people that can provide physical assistance for a hack,” she added. 

Zach Edwards, senior threat analyst at Silent Push, said it’s possible the minor “felt that they were in significant risk of being outed by someone else who was arrested, and maybe just wanted to preempt the arrest so it would be easier on their family and maybe lead to leniency in the eyes of the court.”

Officials said Las Vegas detectives working with the FBI’s Las Vegas Cyber Task Force identified the teenage boy as a suspect during their investigation into the casino attacks. Local police have not shared additional information about the case, and the FBI declined to provide further comment.

Las Vegas police said the Clark County District Attorney’s Office is seeking to transfer the juvenile to the criminal division to try him as an adult for his alleged crimes.

The post Las Vegas police arrest minor accused of high-profile 2023 casino attacks appeared first on CyberScoop.

Alleged ‘Scattered Spider’ Member Extradited to U.S.

30 April 2025 at 17:54

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft. U.S. prosecutors allege Tyler Robert Buchanan and co-conspirators hacked into dozens of companies in the United States and abroad, and that he personally controlled more than $26 million stolen from victims.

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies. Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms.

Tyler Buchanan, being escorted by Spanish police at the airport in Palma de Mallorca in June 2024.

As first reported by KrebsOnSecurity, Buchanan (a.k.a. “tylerb”) fled the United Kingdom in February 2023, after a rival cybercrime gang hired thugs to invade his home, assault his mother, and threaten to burn him with a blowtorch unless he gave up the keys to his cryptocurrency wallet. Buchanan was arrested in June 2024 at the airport in Palma de Mallorca while trying to board a flight to Italy. His extradition to the United States was first reported last week by Bloomberg.

Members of Scattered Spider have been tied to the 2023 ransomware attacks against MGM and Caesars casinos in Las Vegas, but it remains unclear whether Buchanan was implicated in that incident. The Justice Department’s complaint against Buchanan makes no mention of the 2023 ransomware attack.

Rather, the investigation into Buchanan appears to center on the SMS phishing campaigns from 2022, and on SIM-swapping attacks that siphoned funds from individual cryptocurrency investors. In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls to the victim’s device — including one-time passcodes for authentication and password reset links sent via SMS.

In August 2022, KrebsOnSecurity reviewed data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. The security firm Group-IB called them by a different name — 0ktapus, because the group typically spoofed the identity provider Okta in their phishing messages to employees at targeted firms.

A Scattered Spider/0Ktapus SMS phishing lure sent to Twilio employees in 2022.

The complaint against Buchanan (PDF) says the FBI tied him to the 2022 SMS phishing attacks after discovering the same username and email address were used to register numerous Okta-themed phishing domains seen in the campaign. The domain registrar NameCheap found that less than a month before the phishing spree, the account that registered those domains logged in from an Internet address in the U.K. FBI investigators said the Scottish police told them the address was leased to Buchanan from January 26, 2022 to November 7, 2022.

Authorities seized at least 20 digital devices when they raided Buchanan’s residence, and on one of those devices they found usernames and passwords for employees of three different companies targeted in the phishing campaign.

“The FBI’s investigation to date has gathered evidence showing that Buchanan and his co-conspirators targeted at least 45 companies in the United States and abroad, including Canada, India, and the United Kingdom,” the FBI complaint reads. “One of Buchanan’s devices contained a screenshot of Telegram messages between an account known to be used by Buchanan and other unidentified co-conspirators discussing dividing up the proceeds of SIM swapping.”

U.S. prosecutors allege that records obtained from Discord showed the same U.K. Internet address was used to operate a Discord account that specified a cryptocurrency wallet when asking another user to send funds. The complaint says the publicly available transaction history for that payment address shows approximately 391 bitcoin was transferred in and out of this address between October 2022 and February 2023; 391 bitcoin is presently worth more than $26 million.

In November 2024, federal prosecutors in Los Angeles unsealed criminal charges against Buchanan and four other alleged Scattered Spider members, including Ahmed Elbadawy, 23, of College Station, Texas; Joel Evans, 25, of Jacksonville, North Carolina; Evans Osiebo, 20, of Dallas; and Noah Urban, 20, of Palm Coast, Florida. KrebsOnSecurity reported last year that another suspected Scattered Spider member — a 17-year-old from the United Kingdom — was arrested as part of a joint investigation with the FBI into the MGM hack.

Mr. Buchanan’s court-appointed attorney did not respond to a request for comment. The accused faces charges of wire fraud conspiracy, conspiracy to obtain information by computer for private financial gain, and aggravated identity theft. Convictions on the latter charge carry a minimum sentence of two years in prison.

Documents from the U.S. District Court for the Central District of California indicate Buchanan is being held without bail pending trial. A preliminary hearing in the case is slated for May 6.
