International

Scottish man extradited to US over cyber fraud linked to Scattered Spider group

Saturday, 26 April 2025 12:09AM UTC

Tyler Buchanan, 23, has been extradited from Spain to the US on multiple cyber fraud charges related to the notorious hacking collective Scattered Spider, accused of infiltrating telecom firms and stealing cryptocurrency.

A 23-year-old Scotsman, Tyler Buchanan, has been extradited from Spain to the United States on charges linked to a cyber fraud operation. Buchanan was apprehended in June last year at Palma de Mallorca airport in Spain as he tried to board a flight to Naples. He is accused of involvement with the cybercrime group known as Scattered Spider, which is alleged to have engaged in a wide-ranging cyber fraud scheme.

The charges against Buchanan include conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. Following his extradition on Wednesday, he is currently being held in detention in California, as confirmed by a Department of Justice official to Bloomberg. Efforts to obtain comments from Buchanan’s legal representation and the US Attorney’s Office in the Central District of California have so far been unsuccessful.

Buchanan and four co-defendants face allegations of deceiving employees at numerous companies, including four major US telecommunications providers and a US cryptocurrency firm, to obtain their login information. This enabled the group allegedly to infiltrate corporate systems to ultimately facilitate the theft of cryptocurrency from customers.

The other indicted individuals include Noah Urban from Florida; Joel Evans from North Carolina; and Ahmed Elbadawy and Evans Osiebo, both from Texas. According to prosecutors, all are members of the Scattered Spider hacking collective. The indictment states the perpetrators stole customer data and accessed telecom providers’ tools that allowed them to intercept texts and calls. Subsequently, they used phishing tactics against targeted customers in an attempt to infiltrate cryptocurrency or financial accounts.

Scattered Spider has been associated with attacks on companies such as MGM Resorts International, Caesars Entertainment Inc., and Coinbase Global Inc. The group gained notoriety in September 2023 following cyberattacks that targeted the networks of casino operators Caesars Entertainment and MGM Resorts International, leading to network lockouts and ransom demands. Caesars reportedly paid approximately $15 million to restore its systems, although it remains unclear if Buchanan and the other defendants were directly involved in those specific casino hacks.

The Daily Record is reporting this development as part of ongoing coverage of cybercrime and its impacts on international companies and customers.

Source: Noah Wire Services

More on this

https://www.bankinfosecurity.com/suspected-scattered-spider-head-extradited-from-spain-a-28090 - Confirms that Tyler Buchanan, a 23-year-old Scotsman, was extradited from Spain to the United States and is charged with wire fraud, aggravated identity theft, and conspiracy related to the Scattered Spider cybercrime group.
https://news.stv.tv/scotland/scottish-man-linked-to-hacking-group-which-stole-millions-in-crypto-extradited-to-us-from-spain - Details Buchanan's arrest in Palma de Mallorca, Spain while trying to board a flight to Naples, and lists the charges against him including conspiracy to commit wire fraud and aggravated identity theft, as well as his alleged involvement in stealing millions in cryptocurrency through phishing attacks.
https://www.devdiscourse.com/article/law-order/3358367-scottish-hacker-extradited-the-scattered-spider-connection - Describes Buchanan's extradition to the US and his association with the Scattered Spider hacking collective, noting the group's attacks on casino operators Caesars Entertainment and MGM Resorts International, including ransomware demands and network lockouts.
https://news.sky.com/story/scottish-man-linked-to-hacking-group-scattered-spider-among-five-charged-in-us-13257514 - Provides information about Buchanan and his four co-defendants facing charges related to phishing attacks, identity theft, and the theft of cryptocurrency, naming the other accused individuals and confirming Buchanan's detention following his arrest in Spain.
https://cyberscoop.com/british-national-with-possible-links-to-high-profile-phishing-campaigns-arrested-in-spain/ - Reports on Buchanan’s arrest in Spain and his possible links to a high-profile phishing campaign, corroborating his identity and involvement with the FBI’s investigation into the Scattered Spider group.
https://www.justice.gov/usao-cdca/pr/five-individuals-charged-conspiracy-commit-wire-fraud-and-aggravated-identity-theft - Official press release from the U.S. Attorney’s Office for the Central District of California outlining the charges against Tyler Buchanan and his co-defendants for wire fraud, conspiracy, and aggravated identity theft in connection to the cyber fraud scheme involving telecommunications companies and cryptocurrency theft.
https://www.dailyrecord.co.uk/news/scottish-news/scot-accused-cyber-fraud-gang-35118928 - Please view link - unable to able to access data

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 9

Notes: The report mentions recent events, such as an extradition in June last year and significant cyberattacks in September 2023. It appears to be current, though it references past events.

Quotes check

Score: 8

Notes: There are no direct quotes from individuals in the provided text. While there is mention of a Department of Justice official confirming information to Bloomberg, no specific quote is given.

Source reliability

Score: 7

Notes: The narrative originates from the Daily Record, a regional newspaper in Scotland. While it may not be as well-known globally as some major news outlets like the Financial Times or BBC, it is still a recognized local source.

Plausability check

Score: 9

Notes: The claims are plausible and detail a plausible cybercrime scenario involving known entities and tactics like phishing. The narrative aligns with typical patterns of cyber fraud and hacking groups.

Overall assessment

Verdict (FAIL, OPEN, PASS): PASS

Confidence (LOW, MEDIUM, HIGH): HIGH

Summary: The narrative appears to be current and plausible, with no direct quotes to verify. The source is a recognized regional publication, enhancing reliability for local reporting.

cybercrime
extradition
Scattered Spider
fraud
cryptocurrency