Scattered Spider Member Tylerb Pleads Guilty to Wire Fraud, ID Theft

Tyler Robert Buchanan, a 24‑year‑old British national known in the cybercrime underground as “Tylerb,” pleaded guilty on June 5 2024 in a U.S. District Court to one count of wire‑fraud conspiracy and one count of aggravated identity theft. As a senior operative of the financially‑motivated group Scattered Spider, Buchanan admitted to participating in a scheme that used spear‑phishing, voice‑phishing (vishing) and SIM‑swap attacks to harvest corporate credentials and then abuse those credentials to initiate fraudulent wire transfers.

The group’s tactics included crafting convincing OAuth‑based login pages that mimicked legitimate help‑desk portals, enabling them to bypass multi‑factor authentication (MFA) on numerous occasions. According to court filings and the investigation led by the FBI’s Cyber Division with support from the U.K. National Crime Agency, Scattered Spider compromised at least three U.S. telecommunications providers and two cryptocurrency exchanges, exfiltrating personal data on thousands of victims and moving illicit funds through a network of money mules. The indictment also links the group to a 2022 breach of a major social‑media platform where they harvested internal API keys and user records.

Prosecutors described how Buchanan coordinated with other members to conduct “living‑off‑the‑land” techniques, using legitimate system tools to avoid detection and maintaining persistence through scheduled tasks and novel reverse‑shell payloads. Forensic analysts seized servers in the Netherlands and the United Kingdom that hosted phishing kits, command‑and‑control infrastructure, and stolen credential databases. The plea agreement recommends a sentencing range of up to 20 years for the wire‑fraud conspiracy and a mandatory 2‑year consecutive term for aggravated identity theft, with possible deportation after completion of the U.S. sentence.

The case underscores the persistent threat posed by Scattered Spider, an APT‑style group that blends high‑volume phishing campaigns with sophisticated social engineering. Security researchers warn that organizations should prioritize regular phishing‑awareness training, enforce hardware‑based MFA, and adopt advanced endpoint detection to mitigate similar attacks. The guilty plea also highlights the increasing cross‑border cooperation between U.S. and U.K. law enforcement agencies in dismantling financially motivated cyber cartels.