A 24-year-old British national, Tyler Robert Buchanan, has pleaded guilty to orchestrating a large-scale cyberattack campaign that compromised more than a dozen U.S. companies and resulted in the theft of at least $8 million in cryptocurrency. According to officials from the U.S. Attorney’s Office for the Central District of California, Buchanan admitted to charges of conspiracy to commit wire fraud and aggravated identity theft, marking a significant development in an ongoing international cybercrime investigation.

Between September 2021 and April 2023, Buchanan and his co-conspirators actively targeted high-value industries, including telecommunications, interactive entertainment, and cloud communications. During this period, the group leveraged advanced social engineering tactics to infiltrate corporate systems and extract sensitive data. As a result, they gained access to valuable corporate and personal information, which they later used to execute financial theft.

To begin with, the attackers relied heavily on SMS phishing, commonly known as smishing, to deceive employees. They sent text messages impersonating internal IT teams or third-party service providers, urging recipients to click on malicious links. These links directed victims to spoofed login pages designed to replicate legitimate corporate portals. Consequently, unsuspecting employees entered their credentials, unknowingly handing over sensitive access data.

In addition, the group used custom-built phishing kits to capture usernames, passwords, and personally identifiable information in real time. This data was then automatically transmitted to a private Telegram channel controlled by the attackers. By centralizing stolen credentials, the group streamlined its operations and accelerated the process of breaching corporate networks.

Once inside, the attackers escalated their activities by extracting confidential company data, including intellectual property and employee directories. Furthermore, they analyzed this information to identify individuals with significant cryptocurrency holdings. This strategic targeting allowed them to maximize financial gains from each successful breach.

Ad Banner

To access victims’ crypto wallets, the group employed SIM swapping techniques. By fraudulently convincing mobile carriers to transfer victims’ phone numbers to attacker-controlled SIM cards, they were able to intercept two-factor authentication codes sent via SMS. As a result, they bypassed security protections and drained millions of dollars in digital assets.

When authorities conducted a raid on Buchanan’s residence in Scotland in April 2023, they uncovered extensive evidence of the operation. Investigators found devices containing large databases of victim information, cryptocurrency seed phrases, and stolen login credentials. These findings further confirmed the масштаб and sophistication of the cybercriminal network.

Buchanan has remained in federal custody since April 2025 and is scheduled for sentencing on August 21. He now faces a maximum sentence of up to 22 years in prison under U.S. federal law. Meanwhile, law enforcement agencies, including the FBI and Police Scotland, continue to pursue other individuals linked to the operation.

Notably, one co-conspirator, Noah Michael Urban, has already pleaded guilty to similar charges. He is currently serving a 10-year prison sentence and has been ordered to pay $13 million in restitution. Additionally, three other defendants connected to the case are still facing active charges as the investigation progresses.

Overall, this case highlights the growing sophistication of cybercriminal operations and underscores the importance of robust cybersecurity measures, particularly against social engineering and identity-based attacks.

Recommended Cyber Technology News :

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com



🔒 Login or Register to continue reading