The US Department of Justice on Wednesday announced charges against five individuals for their alleged roles in phishing attacks resulting in credential, data, and cryptocurrency theft.

According to the indictment, from at least September 2021 to April 2023, the suspects sent phishing text messages to employees at numerous companies, posing as the employing organization or one of its suppliers.

Often purporting that the employees’ accounts were about to be deactivated, the fraudulent messages directed the victims to phishing websites designed to mimic those of the legitimate companies, luring the victims into entering their usernames and passwords, which were sent to the attackers.

The defendants then used the stolen credentials to access the victims’ accounts and the systems of the targeted companies, stealing confidential data and personal information, including names, phone numbers, email addresses, and account credentials.

The suspects allegedly used the stolen information to access the cryptocurrency accounts of numerous individuals, stealing millions of dollars in cryptocurrency.

According to the indictment, the defendants targeted at least 12 organizations in the US for data theft and stole roughly $11 million in cryptocurrency assets from the wallets of at least 29 individuals.

“The conspirators were members of a loosely organized financially motivated cybercriminal group whose members primarily target large companies and their contracted telecommunications, information technology (IT), and business process outsourcing (BPO) suppliers,” the indictment reads.

The five suspects are Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas, Noah Michael Urban, 20, of Palm Coast, Florida, Evans Onyeaka Osiebo, 20, of Dallas, Texas, Joel Martin Evans, 25, of Jacksonville, North Carolina, and British national Tyler Robert Buchanan, 22.

They were part of the financially motivated cybercrime group Scattered Spider, Reuters reports.

Urban was arrested in January, Buchanan was arrested in Spain while trying to board a flight to Italy, and Evans was arrested on Tuesday. Urban, the DoJ says, also faces several fraud charges in a separate case, to which he pleaded not guilty.

In July, British authorities announced the arrest of a 17-year-old alleged member of Scattered Spider, for his involvement in the September 2023 cyberattack on MGM Resorts. The Alphv/BlackCat ransomware group claimed responsibility for the incident.

Also tracked as Starfraud, UNC3944, Scatter Swine, and Muddled Libra, Scattered Spider is known for deploying the BlackCat ransomware in attacks and is believed to be responsible for the 0ktapus campaign, which hit over 130 organizations.

Related: US Police Detective Charged With Purchasing Stolen Credentials

Related: Ex-Disney Worker Accused of Hacking Computer Menus to Add Profanities, Errors

Related: Two Indicted in US for Running Dark Web Marketplaces Offering Stolen Information

Related: Greece Flies Russian Money Launderer to US: Lawyer