US Army Soldier “kiberphant0m” Pleads Guilty to Telecom Hacking & $1M Extortion Scheme

Cameron John Wagenius, a 21-year-old former U.S. Army soldier stationed in Texas, has pleaded guilty to conspiring to hack into telecommunications companies, steal sensitive data, and extort victims for financial gain. Operating under the alias “kiberphant0m,” Wagenius was an active-duty servicemember when he coordinated these attacks across digital underground forums.

“Wagenius pleaded guilty to conspiracy to commit wire fraud, extortion in relation to computer fraud, and aggravated identity theft,” the Department of Justice stated in its press release.

Between April 2023 and December 2024, Wagenius and his co-conspirators infiltrated the networks of at least 10 telecommunications companies, leveraging tools like SSH Brute—a password-cracking utility—and stolen login credentials to gain access to protected systems.

“The conspirators obtained these credentials using a hacking tool that they called SSH Brute… They used Telegram group chats to transfer stolen credentials and discuss gaining unauthorized access,” the court documents revealed.

Once inside, the group exfiltrated sensitive records, including customer data, and then demanded ransom payments from the victim organizations. If their demands were not met, they threatened to post the data on notorious cybercrime forums such as BreachForums and XSS.is.

Wagenius and his group publicly advertised the stolen data for sale—often demanding thousands of dollars per dataset—and successfully sold portions of the information. They also used some of the stolen data to launch SIM-swapping attacks, a form of identity theft used to take over victims’ phone numbers and gain access to their accounts.

“The conspirators offered to sell stolen data for thousands of dollars via posts on these forums… They successfully sold at least some of this stolen data,” prosecutors confirmed.

The campaign aimed to extort at least $1 million from its victims.

Related Posts:

• $3 Million Bitcoin Ransom: Brazilian Man Charged in US Cyber Extortion
• Leak: NSA and US Army can capture Tor, I2P, VPNs to monitor Monero users
• CVE-2024-6695 (CVSS 9.8) in Popular WordPress Plugin Exposes 50,000 Sites to Admin Hijacking
• Pro-Russian Threat Actors Launch Coordinated DDoS Attacks Against Japanese Organizations
• 25 of the top-ranking hackers worldwide take part in Hack the Air Force 2.0