A Former Disney Employee Sentenced To 3 Years For Hacking
Read also: Scattered Spider hacker extradited to US to face charges, hacker group targeting EU and US citizens dismantled, and more.
Thursday, May 1, 2025
A former Disney employee sentenced to 3 years in prison for hacking restaurant menus
A former Disney World employee has been sentenced to three years in US prison for hacking the company’s menu software as revenge after he was fired. Michael Scheuer, 40, from Winter Garden, Florida, was convicted for knowingly implanting malicious code that caused significant damage to Disney’s computer systems.
Scheuer, who pleaded guilty to the charges in January 2025, altered Disney World restaurant menus in several ways. He added offensive profanity to the menus, removed crucial allergen information, and replaced wine regions with the locations of recent mass shootings. The defaced menus were detected before being distributed to restaurants, preventing immediate harm to customers.
In addition to the menu tampering, Scheuer also manipulated allergen information to falsely indicate that certain food items were safe for individuals with specific allergies when they were not. To further disrupt the company, Scheuer launched denial-of-service attacks, locking Disney employees out of their accounts.
Scheuer was also ordered to pay restitution of over $687,000 to the victims of his crimes. The court also mandated that Scheuer forfeit his computer, which was used to carry out the attacks.
Alleged Scattered Spider hacker extradited to US to face charges
A 23-year-old Scottish man, Tyler Buchanan, has been extradited from Spain to the United States, where he faces multiple federal charges for his alleged involvement in the notorious Scattered Spider cybercrime group. Buchanan was arrested in Palma de Mallorca in 2024, and he now faces charges including conspiracy to commit wire fraud, wire fraud, and aggravated identity theft.
Prosecutors accuse Buchanan of being a key member of a sophisticated cybercrime ring that infiltrated several major American companies. The group is said to have targeted companies by tricking employees into revealing their login credentials. Once the hackers gained access to corporate systems, they allegedly obtained sensitive customer data and tools that allowed them to intercept communications, with the goal of stealing funds from cryptocurrency accounts.
Court documents indicate that the group focused on at least 29 individuals, targeting those with substantial online holdings. They used phishing tactics, sending personalized links to victims to compromise their financial accounts and steal tens of millions of dollars in cryptocurrency. Notable breaches attributed to Scattered Spider include cyberattacks on Riot Games, MGM Resorts International, Caesars Entertainment, and the cryptocurrency exchange Coinbase.
Buchanan is one of five individuals charged in an indictment related to the case. The other defendants include Noah Urban from Florida, Joel Evans from North Carolina, and Ahmed Elbadawy and Evans Osiebo, both from Texas. All are accused of being members of the Scattered Spider cybercriminal group, which is also known as UNC3944, Scatter Swine, and Muddled Libra.
Ukrainian and Czech authorities dismantle hacker group targeting EU and US citizens
Ukraine’s Security Service (SSU), the National Police, and Czech law enforcement agencies have dismantled a hacker group responsible for stealing funds from bank accounts and cryptocurrency wallets of citizens in the European Union and the United States.
According to officials, the cybercriminals developed and distributed malicious software that was used to infiltrate victims’ devices through phishing emails. Once access was gained, the hackers extracted sensitive personal data, which they then used to siphon funds from banking systems and virtual asset wallets.
Two key organizers and developers of the malware, along with other core members of the group, were identified and detained in Ukraine and the EU. During searches of their residences, authorities seized computer equipment, mobile phones, cryptocurrency wallets, and digital storage devices containing evidence of the group’s criminal activities.
Investigators also discovered that the hackers sold their malware on Dark Net forums, some of which are linked to groups affiliated with Russian intelligence services. If convicted, the accused face significant prison sentences.
A former telecom employee pleads guilty to SIM unlocking fraud scheme
Richard Forrest Sherman, a former employee of a multinational telecommunications company, has pleaded guilty to wire fraud conspiracy for orchestrating a scheme to fraudulently unlock SIM cards on thousands of mobile phones.
According to court documents, Sherman exploited a legitimate exemption granted to a company customer that allowed mass unlocking of mobile phone SIM cards. While managing that customer’s account, Sherman created fake affiliate accounts within the telecom company’s system, falsely presenting them as branches of the legitimate customer.
Sherman and unnamed co-conspirators used these fabricated accounts to submit bulk unlocking requests for International Mobile Equipment Identity (IMEI) numbers. The phones were then resold by others in the scheme, bypassing unlocking fees and restrictions that would have otherwise applied.
Sherman reportedly received payments through business entities he controlled in exchange for facilitating the fraudulent unlocking. If found guilty, he could face up to 20 years in prison and a fine of up to $250,000. Sentencing has not yet been scheduled.
Man sentenced to 5 years in prison for running AKO ransomware
A 33-year-old Belarusian man has been sentenced to five years in prison, with one year suspended, and fined 100,000 euros by a Paris court for his role in the AKO ransomware group, also known as MedusaReborn.
The group encrypted data from 2,341 organizations, including 65 French citizens, targeting entities such as municipalities, pharmacies, law firms, and hospitals. The crimes, which included fraud, extortion, and money laundering, involved exploiting open RDP for system access. Arrested in Georgia in August 2022 and extradited to France in May 2023, the defendant, identified as Yauhen Horbach, has been in detention awaiting trial.
In the meantime, two individuals have been arrested in a joint international operation that dismantled JokerOTP, a sophisticated phishing tool used to steal over £7.5 million. The arrests took place on April 22nd, with a 24-year-old man detained in Middlesbrough, England, and a 30-year-old man arrested in the Netherlands.
The operation, led by Cleveland Police's Cyber Crime Unit, uncovered how JokerOTP was used to intercept 2FA codes and carry out fraudulent transactions across 13 countries over two years. The fraudsters, operating under aliases “spit” and “defone123,” tricked victims by impersonating trusted organizations like banks and cryptocurrency exchanges to steal personal information and access accounts.
What’s next:
- Join our upcoming webinars
- Follow ImmuniWeb on Twitter, LinkedIn and Telegram
- Explore 20 use cases how ImmuniWeb can help
- Browse open positions to join our great Team
- See the benefits of our partner program
- Request a demo, quote or special price
- Subscribe to our newsletter
Key Dutch has been working in information technology and cybersecurity for over 20 years, starting his first job with Windows 95 and dial-up modems. As the Editor-in-Chief of our Cybercrime Prosecution Weekly blog series, he compiles the most interesting news about police operations against cybercrime, as well as about regulatory actions enforcing data protection and privacy law.