The U.S. government announced charges against five individuals accused of carrying out a multi-year hacking spree targeting tech giants and cryptocurrency owners, which security researchers dubbed 0ktapus.

On Wednesday, the U.S. Department of Justice published a press release announcing the charges against the five alleged hackers: Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, from the United Kingdom, who was arrested in Spain earlier this year.

The press release said that the five accused hackers targeted employees at American companies with phishing text messages with the goal of stealing their credentials, which they then used to break in and steal company data, as well as cryptocurrency worth millions of dollars. The hackers also allegedly used SIM swapping attacks to steal employees' phone numbers and get their passwords by using password reset features.

Victims mentioned in the court documents published on Wednesday include U.S. based organizations providing entertainment products, virtual currency, cloud communication platforms, and telecommunication services. The hackers allegedly stole $6.3 million in cryptocurrency from a single unnamed victim, the indictment says.

“We allege that this group of cybercriminals perpetrated a sophisticated scheme to steal intellectual property and proprietary information worth tens of millions of dollars and steal personal information belonging to hundreds of thousands of individuals,” said U.S. Attorney Martin Estrada, as quoted in the press release.

As part of the announcement, the DOJ unsealed three court documents related to the case.

Security researchers have previously linked the alleged hackers to a prolific hacking group called 0ktapus, for their use of spoofing Okta login portals used by tech giants. The hackers targeted hundreds of companies over a months-long hacking campaign in 2022, including Twilio, Coinbase, and DoorDash, and again in 2023 to target game makers, including Riot Games.

The hackers were later believed to be involved with other criminal cyberattacks under the group Scattered Spider. Ciaran McEvoy, a spokesperson for the DOJ, confirmed to TechCrunch that the five hackers are suspected of being part of the group known as Scattered Spider.

In one of the court documents, prosecutors describe the cybercriminal gang as “a loosely organized financially motivated cybercriminal group whose members primarily target large companies and their contracted telecommunications, information technology, and business process outsourcing suppliers.”