A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos

By Gigabit Systems
July 16, 2025

Hack, Extort, Repeat

Ex-U.S. soldier pleads guilty to breaching AT&T, Verizon, and 10 telecom firms

A dangerous insider turned cybercriminal is facing 20 years in prison after hacking into America’s largest telcos.

Cameron John Wagenius, a former U.S. Army soldier known online as “kiberphant0m,” pleaded guilty to a series of cybercrimes that compromised major telecoms, along with attempted extortion schemes targeting private companies.

The Department of Justice confirmed Tuesday that Wagenius orchestrated a coordinated brute-force campaign to steal login credentials from at least 10 victim companies, which he then sold or used to commit further fraud, including SIM-swapping attacks.

But it didn’t stop there.

BreachForums, Telegram, and Stolen Records

Wagenius and his associates used Telegram group chats to traffic credentials and plan attacks. They then threatened victims with public leaks—sometimes extorting them in full view of cybercriminal forums like BreachForums.

One particularly damaging breach involved AT&T and Verizon, where Wagenius obtained a large trove of call metadata and customer records, which he used and redistributed to other bad actors.

In some cases, the data was monetized directly. In others, it was weaponized in SIM-swap fraud, allowing attackers to hijack phone numbers and bypass 2FA to steal accounts and cryptocurrency.

The Snowflake Connection

The DOJ also linked Wagenius to earlier breaches tied to Snowflake, a major cloud computing firm that’s been under fire for lax security configurations exploited by threat actors.

The extent of the damage caused by Wagenius’s breaches is still under investigation, but authorities confirmed his actions endangered millions of customer records and exposed telecom infrastructure to further risk.

Sentencing Looms

Wagenius is scheduled for sentencing on October 6, 2025, and faces up to 20 years in federal prison.

🔒 How SMBs Can Protect Against Insider Threats

Insider threats — whether malicious or accidental — are one of the most dangerous and overlooked risks in cybersecurity. Here’s how SMBs can take action:

  • Implement Role-Based Access Controls (RBAC): Limit access to sensitive data based on job function. Only give employees what they need — and nothing more.

  • Use Privileged Access Management (PAM): Track and audit what admins and power users are doing. Consider session recording for high-risk accounts.

  • Deploy Endpoint Monitoring Tools: Invest in behavioral monitoring to detect unusual file access, data exfiltration, or login anomalies in real time.

  • Enable MFA Everywhere: Enforce multi-factor authentication on all accounts, especially those with admin or financial access — and avoid SMS-based 2FA where possible.

  • Educate Employees Regularly: Provide security awareness training, especially about phishing, social engineering, and data handling protocols.

  • Conduct Regular Offboarding Reviews: Immediately revoke all access when employees leave. Conduct periodic reviews of account privileges and dormant users.

  • Create an Anonymous Whistleblower Channel: Encourage reporting of suspicious activity with a safe, internal escalation process.

70% of all cyber attacks target small businesses. I can help protect yours.
