UK National Admits Hacking Firms, Stealing Millions

A British man has pleaded guilty in the United States to his part in a major cybercrime scheme. The operation employed SMS phishing, company network intrusions, and SIM swapping tactics to steal at least $1 million in virtual currency from victims nationwide.

Tyler Robert Buchanan, of Dundee, Scotland, was admitted to conspiracy to commit wire fraud and aggravated identity theft.

U.S. prosecutors said Buchanan worked with others between September and April to target at least a dozen companies and many individual victims. He has been in federal custody since April.

Stole Millions in Virtual Currency

According to court records, the group launched large-scale SMS phishing campaigns, also known as smishing attacks.

They sent hundreds of text messages to employees at targeted companies. These messages appeared to come from the victim company or from trusted third-party IT and business process outsourcing providers.

The texts contained links to fake login pages that appeared to be real corporate websites. When employees entered their usernames, passwords, and other personal information, the data was captured by a phishing kit controlled by the attackers.

Prosecutors said the stolen credentials were then sent to a Telegram channel administered by Buchanan and another co-conspirator. Using these credentials, the attackers accessed employee accounts and company systems.

They stole sensitive information, including confidential business files, intellectual property, names, email addresses, telephone numbers, and account access data.

Buchanan later admitted that investigators found files linked to many victim companies at his residence in Scotland.

Authorities said the stolen company data helped the group identify individuals with valuable holdings of virtual currency. Buchanan and his co-conspirators then moved to compromise those personal accounts and digital wallets.

To bypass security controls, the group used SIM swapping. In these attacks, a criminal convinces or tricks a mobile carrier into porting a victim’s phone number to a SIM card under the attacker’s control.

Once the number is transferred, the attacker can intercept one-time passcodes and SMS-based two-factor authentication messages, allowing access to protected accounts.

Investigators found additional evidence on a device at Buchanan’s home, including names and addresses of victims, cryptocurrency seed phrases, and login details for at least one victim’s account.

Buchanan admitted the conspiracy stole at least a million in virtual assets from victims in the United States.

U.S. District Judge John W. Holcomb has scheduled sentencing for August. Buchanan faces a maximum sentence of years in federal prison.

One co-conspirator, Noah Michael Urban of Florida, previously received a one-year federal prison sentence and was ordered to pay million in restitution.

Three other defendants still face charges. The FBI investigated the case with help from international and domestic law enforcement partners, including Police Scotland and authorities in Spain.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.