Stationed in South Korea, this 20-year-old soldier is believed to be the cybercriminal Kiberphant0m, who sold sensitive documents stolen from AT&T and Verizon.

On December 20, 2024, U.S. federal authorities arrested a 20-year-old U.S. Army soldier, Cameron John Wagenius, suspected of being the cybercriminal known as “Kiberphant0m.” This hacker notably sold call records of sensitive clients, stolen in early 2024 from telecom operators AT&T and Verizon, as part of the Snowflake breach.

In late October 2024, law enforcement had already arrested the mastermind behind this cyberattack, Canadian national Connor Riley Moucka, alias “Judische.” Shortly after this arrest, Kiberphant0m escalated the sale of stolen call logs, claiming they belonged to individuals such as Donald Trump, Kamala Harris, and various government agencies. The hacker also boasted about his involvement in hacking over a dozen companies, including AT&T and Verizon.

Allison Nixon, head of research at Unit 221B, a New York-based cybersecurity firm, praised the swift unmasking of Kiberphant0m. She is among the cybersecurity researchers that Judische and his associates harassed and threatened with violence.

“It’s a dangerous idea, as a member of the military, to extort the president and vice president, but it’s even more dangerous to harass people who specialize in unmasking cybercriminals,” quipped Allison Nixon.

Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
Stay tuned in real time
Subscribe to
the newsletter
By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.