Spanish police have arrested a British national accused of leading an organized cybercrime group that broke into dozens of U.S. companies.
The unnamed British national, aged 22, was arrested at Palma airport as he was about to leave the country on a charter flight to Naples, Spanish police confirmed in a press release.
In a statement, Spanish police said the alleged hacker ringleader used phishing techniques to steal passwords to break into at least 45 companies in the United States, which allowed the theft of companies’ internal information and cryptocurrency. According to the police, the accused hacker was in control of $27 million in cryptocurrency at the time of his arrest.
A video of the suspect’s arrest was posted by police on YouTube.
Spanish police did not name the accused individual or the cybercrime group he allegedly led. A spokesperson for the FBI declined to comment when reached by TechCrunch.
TechCrunch understands that the arrested individual is the alleged leader of the group that masterminded the cyberattacks targeting Twilio in 2022, according to a person with knowledge of cybercrime operations.
The arrested suspect allegedly led a hacking group dubbed “0ktapus,” which twice broke into Twilio, a company that provides calling and messaging services to other companies. The months-long hacking spree during 2022 netted close to 10,000 employees passwords that were used to subsequently break into the networks of Twilio’s customers. The gang targeted over a hundred Twilio customers, including DoorDash and Signal, using phishing lures that were designed to look like Okta log-in pages, for which the group lends its name.
TechCrunch is not naming the alleged suspect as it is not clear if he has yet been charged with any crimes.
The arrest comes almost two years after the 0ktapus gang first emerged as a cybercrime player, underscoring the complexity of investigating some cybercrime groups.
The hackers are said to be part of a wider community of cybercriminals, dubbed “the Com” by researchers, which has emerged in recent years as a large nebulous network of mostly young adults that excels in social engineering and impersonation tactics, such as tricking employees into giving over their corporate passwords. According to Cyberscoop, the FBI recently described the Com as a “very large, expansive, disbursed group of individuals” said to involve around 1,000 people around the world. Some of the Com’s activities have involved the use of physical violence and threats, including attacks against sparring hackers.
Those associated with the Com, albeit through different group names and attributions, have been blamed for cyberattacks targeting Las Vegas casino giants MGM and Caesars Entertainment.
Earlier this year, U.S. prosecutors charged a 19-year-old Florida resident with multiple counts of wire fraud, identity theft and conspiracy. Security reporter Brian Krebs linked the alleged hacker to the 0ktapus gang.
