Cameron John Wagenius has pleaded guilty to additional charges related to hacking into US telecommunications companies, including fraud and identity theft. The former US Army soldier was accused of hacking into AT&T and Verizon systems and leaking presidential call logs, according to the US Department of Justice.
Between April 2023 and December 2024, while on active duty with the US Army, Cameron John Wagenius, 21, engaged in extensive hacking and extortion activities under the alias ‘kiberphant0m’. Working with co-conspirators, Wagenius aimed to defraud at least 10 organizations by obtaining login credentials for their networks. Court documents reveal that these credentials were acquired using a hacking tool called SSH Brute and other unspecified methods, with stolen login information and discussions about network access being shared via Telegram group chats.
Following unauthorized access, the hackers exfiltrated data from the compromised networks and proceeded to extort their victims.
These extortion attempts were carried out through both private communications and public forums, with threats to publish the stolen information on well-known cybercrime portals such as BreachForums and XSS.is. The suspects also actively offered and successfully sold some of the stolen data on these forums, further leveraging the information in other fraudulent schemes, including SIM swapping.
The former US Army soldier and his co-conspirators sought to extort over $1 million from the victim companies. Wagenius, who was arrested in December 2024, pleaded guilty to wire fraud conspiracy and extortion charges, which carry maximum penalties of 20 and five years in prison, respectively. He also pleaded guilty to identity theft charges, which mandate a consecutive two-year prison sentence.
Notably, he had previously pleaded guilty to sharing confidential phone records in connection with these attacks.
While the victim organizations have not been officially named by the Department of Justice, investigative journalist Brian Krebs reported that Wagenius was selling phone records stolen from AT&T and Verizon. He was also likely involved in the extensive Snowflake hacking campaign that impacted hundreds of organizations. Wagenius’ co-conspirators include Canadian national Connor Riley Moucka, also known as Judische, who was arrested in late October 2024 in connection to the Snowflake account hacking, and John Erin Binns, who was involved in the AT&T hack and previously claimed responsibility for the 2021 T-Mobile hack. Binns was arrested in Turkey in May 2024.
Wagenius is scheduled to be sentenced on October 6, 2025, and faces a maximum sentence of 27 years in prison across all charges.
Reference:
