Spanish police have arrested a 22-year-old British national accused of heading an organized cybercrime group responsible for breaching numerous U.S. companies. The suspect was detained at Palma airport just as he was preparing to board a charter flight to Naples.
According to Spanish authorities, the individual utilized phishing techniques to gain unauthorized access to at least 45 U.S. companies. These attacks facilitated the theft of sensitive company information and cryptocurrency. At the time of his arrest, the suspect allegedly controlled approximately $27 million in cryptocurrency.
The police have released a video of the arrest on YouTube but have not disclosed the suspect’s identity or the name of the cybercrime group he allegedly led. A spokesperson for the FBI declined to comment.
Sources indicate that the arrested individual is believed to be the leader of the group behind the cyberattacks on Twilio in 2022. This group, known as “0ktapus,” conducted a series of phishing attacks that compromised nearly 10,000 employee passwords from Twilio. These credentials were then used to infiltrate the networks of Twilio’s customers, including high-profile companies such as DoorDash and Signal. The group derived its name from the Okta log-in pages used in their phishing lures.
The arrest of this individual underscores the complexity and time-consuming nature of cybercrime investigations, as it comes nearly two years after 0ktapus first became known in the cybercrime world.
Researchers have linked the 0ktapus group to a broader network of cybercriminals known as “the Com.” This expansive network is composed mainly of young adults skilled in social engineering and impersonation tactics to steal corporate passwords. The FBI recently described the Com as a “very large, expansive, disbursed group” involving around 1,000 individuals globally. Some of the Com’s activities have escalated to physical violence and threats, including attacks against rival hackers.
The Com has also been implicated in cyberattacks on major Las Vegas casino companies, MGM and Caesars Entertainment. Earlier this year, U.S. prosecutors charged a 19-year-old Florida resident with multiple counts of wire fraud, identity theft, and conspiracy, linking him to the 0ktapus group.
As investigations continue, the arrest highlights the ongoing battle between law enforcement and sophisticated cybercriminal networks.
Philips Babatunde