After evading capture for more than two years following a hacking spree that targeted some of the world’s biggest tech companies, U.S. authorities say they have finally caught at least some of the hackers responsible.
In August 2022, security researchers went public with a warning that a group of hackers had targeted over 130 organizations as part of a sophisticated phishing campaign that stole the credentials of almost 10,000 employees. The hackers were specifically targeting companies that used Okta, a single sign-on provider used by thousands of companies worldwide to let their employees log in from home.
Because of its focus on Okta, the hacking group was dubbed “0ktapus.” To date, the group hacked Caesars Entertainment, Coinbase, DoorDash, Mailchimp, Riot Games, Twilio (twice), and dozens more.
The hackers’ most notable sizable cyberattack by way of downtime and impact was the hack against MGM Resorts in September 2023, which reportedly cost the casino and hotel giant at least $100 million. In that case, the hackers worked with the Russian-speaking ransomware gang ALPHV, and demanded a ransom from MGM for the company to get its files back. The hack was so disruptive that the casinos owned by MGM had trouble providing services for days.
For the last two years, as law enforcement has been closing in on the hackers, people in the cybersecurity industry tried to figure out exactly how to categorize the hackers and whether to put them in one group or another.
The hackers’ techniques, such as social engineering, email and text message phishing, and SIM swapping, are common and widespread. Some of the individual hackers were part of several groups responsible for different data breaches. These circumstances have made it difficult to understand exactly who belongs in what group. Cybersecurity giant CrowdStrike dubbed this umbrella group of hackers “Scattered Spider,” and researchers believe there is some overlap with 0ktapus.
The group was so active — and successful — that U.S. cybersecurity agency CISA and the FBI issued an advisory in late 2023 with details on the group’s activities and techniques, in an attempt to help organizations prepare for and defend against anticipated attacks.
Scattered Spider is “a cybercriminal group that targets large companies and their contracted IT help desks,” CISA wrote in its advisory. The agency warned that the group “have typically engaged in data theft for extortion,” and noted their known links to ransomware gangs.
One thing that’s relatively certain is that the hackers are mostly English-speaking, and widely believed to be in their teens and early-20s — and sometimes referred to as “advanced persistent teenagers.”
“There is a disproportionate number of minors involved, and that’s because the group deliberately recruits minors because of the lenient legal environment these minors exist in and they know nothing will happen to them if the police catch a kid,” Allison Nixon, chief research officer at Unit 221B, told TechCrunch at the time.
Over the last two years, some of the members of 0ktapus and Scattered Spider have been linked with a similarly nebulous group of cybercriminals known as “the Com.” People in this wider cybercrime community have committed crimes that crossed over into the real world. Some of them have been responsible for violent acts, such as robberies, burglaries, and brickings — hiring thugs to throw bricks at someone’s house or apartment; as well as swatting — where someone tricks authorities into believing there’s a violent crime happening, triggering the armed police unit to intervene. While born as a prank, swatting is known to have fatal consequences.
After two years of hacking, authorities are finally starting to identify and charge members of Scattered Spider.
In July, U.K. police confirmed the arrest of a 17-year-old in connection to the hack at MGM.
In November, the U.S. Department of Justice announced that it had indicted five hackers: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida, who had been arrested in January; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom, who was arrested in June in Spain.
Keep reading the article on Tech Crunch
In May 2023, Ford triggered a transformation when the U.S. automaker locked in a deal to give owners of its EVs access to the Tesla Supercharger network.
In a stunning shift, automaker after automaker — from GM and Hyundai to Rivian and Mercedes — followed suit. By the end of 2023, nearly every major automaker had agreed to adopt Tesla’s North American Charging Standard (NACS) and promised EV owners that adapters would soon be on their way.
Most non-Tesla customers are still waiting. However, recent announcements from automakers may provide an electric lining of optimism.
TechCrunch is tracking which brands have access to the Tesla Supercharging Network and will be updating this list.
In November 2022, Tesla shared its EV charging connector design in an effort to encourage network operators and automakers to adopt the technology and help make it the new standard in North America. At the time, every other automaker was using the Combined Charging Standard (CCS) in North America.
Mass adoption seemed unlikely at the time even though Tesla’s charging network was considered far superior thanks to its robust and user-friendly design and the ease of paying for the EV juice.
Six months later, Ford became the first to announce it would work with Tesla in a deal that would give its customers access to more than 12,000 Superchargers across the U.S. and Canada. But it wasn’t just about giving Ford EV owners access to a special adapter. Ford also committed to integrating its future EVs with NACS ports instead of CCS.
Rivian, GM, BMW, Honda, Hyundai, Volkswagen, Porsche, Audi, Hyundai, Kia, Lucid, and Stellantis followed.
In the U.S. today, there are 36,499 NACS ports available publicly (although some of those might be from other EV charging companies that have adapted Tesla’s standard), compared to around 16,925 CCS ports. That’s despite federal dollars that have gone explicitly to the buildout of CCS chargers.
For EV owners stuck with a CCS port, they’ll have to hold out for manufacturer-approved adapters. While there are some third-party adapters that claim to be compliant with certain safety and performance standards, like Lectron’s Vortex Plug for $199, Tesla’s website says such adapters are prohibited.
A GM spokesperson told TechCrunch its adapters have been specifically designed to protect GM EV batteries while charging and that its vehicle warranty doesn’t cover damage to vehicle parts resulting from the use of non-GM approved adapters.
In late August, Tesla posted on X that it had ramped up production of adapters. That statement, combined with GM’s announcement, could mean that even more non-Tesla EVs will be pulling up to Supercharger stations soon. They’ll all have to download the Tesla app so they can pay for charging.
Certain Ford customers officially gained access to Tesla Superchargers in February, but ongoing supply constraints have delayed the delivery of free fast-charging adapters for most customers (although Ford says the delays have affected “some” customers).
Current owners of the Mustang Mach-E and Ford F-150 Lightning who have yet to order their adapter can do so through their Ford Pass app. The deadline to apply for a free adapter is September 30.
As of September 2024, GM has finally updated the software on its Chevy, Cadillac, and GMC EVs so customers can use Tesla’s Superchargers. If they want access soon, they need to purchase a “GM approved” adapter through their app for $225.
GM wouldn’t say how long shipping would take. A GM spokesperson said the company already has an inventory of the adapters and that it’s worked with multiple suppliers to manufacture the approved NACS DC fast-charging adapters.
From 2025 onward, GM’s EVs will be built with the NACS charge port.
The South Korean automaker has made several moves to give EV owners access to NACS chargers in the coming year.
Kia announced in September its plans to give EV owners access to NACS chargers starting January 15, 2025. They used the announcement as something of a promotion, offering customers who buy a new 2024 EV6 or 2024 or 2025 EV9 SUV from September 4, 2024 a free adapter mailed to them in early 2025, if there’s enough supply. Existing Kia EV6, EV9, and Niro EV customers who took delivery before September 4 will have to buy an adapter from a dealer “at a later date.”
But for those who don’t want to bother with an adapter, Kia shared some news at the LA Auto Show in November. Both the 2025 EV6 and 2026 EV9 GT will be manufactured with a NACS plug. The EV6 is expected to go on sale in the first half of 2025, and the EV9 GT in the latter half of next year.
The 2026 Hyundai Ioniq 9 and the 2026 Genesis Electrified GV70 were also both presented with NACS plugs at the LA Auto Show and promise drivers access to Tesla’s Supercharging network.
Beginning in late 2024, Nissan plans to give Ariya drivers access to Tesla’s network through a NACS adapter. The automaker also said that in 2025, it will start offering EVs for the U.S. and Canadian markets with a NACS port.
EV startup Rivian officially got access to 15,000 Superchargers across North America on March 18, 2024. At the time, Rivian promised to begin sending adapters to customers starting in April. A Rivian spokesperson told TechCrunch the automaker began delivery this spring and continues to ship adapters as quickly as it receives them.
As of September 2024, Rivian said that customers who order a new vehicle will have an adapter shipped to them automatically when they take delivery. Customers will receive the adapter within seven to 10 business days. The EV-maker also promised that those who already own a Rivian and are still awaiting an adapter will receive one at no cost by the end of January 2025.
The two Swedish car brands owned by China’s Geely began offering their EV customers access to Tesla’s Supercharger network at the end of October.
Volvo said it will include a free NACS adapter for any customer who buys a 2025 EX90, EX40, or EC40. Existing Volvo EV owners will have to shell out $230 for an adapter, which they can buy from a dealership or service center.
Polestar is also selling the adapter through its service centers. Both brands gave a mid-November date when they’ll start shipping adapters. Volvo and Polestar are also updating their Android-powered infotainment software so drivers can search for Tesla Superchargers in the vehicle’s navigation.
TechCrunch will update the list as automakers gain official access.
Keep reading the article on Tech Crunch