Briton accused of hacking dozens of US companies arrested in Spain

Spanish police have arrested a British national accused of leading an organized cybercrime group that broke into dozens of US companies.

The 22-year-old British national, whose name was not disclosed, was arrested at Palma airport as he attempted to leave the country on a charter flight to Naples, Spanish police confirmed in a press release.

In a statement, Spanish police said the alleged leader of the hacking group used phishing techniques to steal passwords and break into at least 45 companies in the United States, allowing the theft of the companies’ internal information and cryptocurrencies. According to police, the accused hacker had $27 million worth of cryptocurrencies at the time of his arrest.

A video of the suspect’s arrest was published by the police on YouTube.

Spanish police did not name the accused or the cybercrime group he allegedly led. An FBI spokesperson declined to comment when contacted by TechCrunch.

TechCrunch understands, from a person familiar with cybercrime operations, that the person arrested is the suspected leader of the group that planned the cyberattacks on Twilio in 2022.

The arrested suspect is said to have led a hacker group called “0ktapus” that twice broke into Twilio, a company that provides phone and messaging services to other businesses. During the months-long 2022 hack, they stole the passwords of nearly 10,000 employees, which they then used to break into Twilio customers’ networks. The gang targeted over a hundred Twilio customers, including DoorDash and Signal, and used phishing lures that looked like Okta login pages, from which the group takes its name.

TechCrunch is not naming the alleged suspect because it is unclear whether he has been charged with any crimes.

The arrest came nearly two years after the 0ktapus gang first emerged as a cybercrime actor, underscoring the complexity of investigations into some cybercrime groups.

The hackers are believed to be part of a larger community of cybercriminals dubbed “The Com” by researchers, which has emerged in recent years as a large, nebulous network of mostly young adults that specializes in social engineering and identity fraud, such as tricking employees into revealing their company passwords. According to Cyberscoop, the FBI recently described The Com as a “very large, sprawling, dispersed group of individuals” that reportedly includes around a thousand people around the world. Some of The Com’s activities have included physical violence and threats, including attacks on sparring hackers.

People associated with The Com – albeit under different group names and attributions – are believed to be responsible for cyberattacks on Las Vegas casino giants MGM and Caesars Entertainment.

Earlier this year, U.S. prosecutors charged a 19-year-old Florida resident with multiple counts of wire fraud, identity theft and conspiracy. Security reporter Brian Krebs linked the suspected hacker to the 0ktapus gang.