Zach Edwards
@thezedwards
Followers
7K
Following
22K
Media
5K
Statuses
19K
privacy & data supply chain research / Senior Threat Analyst @SilentPush / politico / #build🔥🕸 ρᔕ𝐞ỮĎ𝔬Ňʸ๓Øᵘ丂 / [email protected]
Joined April 2010
Our team at Silent Push has been hard at work on the largest report we’ve ever made public – and along with Reuters – today we’re explaining how North Korean threat actors associated with the “Contagious Interview” subgroup created 3 front companies...🧵
1
40
167
"There’s no way to access a log of what the Friend has picked up, so I have no idea what it heard and what it didn’t." That's potentially a "Right to Know" violation under a few privacy frameworks cc @CalPrivacy
"I found out quickly that even at the most tech-minded gatherings, the thing was a complete taboo. After the device started to ship to users, one person on X said there should be a slur for people who wear AI devices that record those around them."
0
0
0
The narrative behind a drug drop off having 11 dudes on the boat makes no sense. It would have been more believable if the Trump admin had said they wiped out a soccer team sponsored by a drug cartel. I hope Congress gets to the bottom of whatever happened.
It seems painfully evident that we lacked legal, moral, or other justification for the killing of eleven individuals aboard a small boat in the Caribbean. It’s clear the Trump administration, having begun by obfuscating and lying, is now simply stonewalling. They fear the truth.
1
0
1
It was a glorious day until I realized that instead of purchasing the CD installation kit we got ~100 2MB floppy disks.
Today is the 30th anniversary of the release of Windows 95. It was a very memorable day. Special thanks to the team and all those who made it happen.
1
2
9
I wonder if that new OpenX lawsuit against Google ends up with Google explaining what OpenX improperly did with the Google cookie_push user data syncing infrastructure around 2019. ¯\_(ツ)_/¯
@tim_libert @WolfieChristl Last time I investigated a cookie-push syncing page ( https://t.co/z9PElUc1W4) I found that OpenX was creating their own cookie_push within Google's unsafe process. Google broke that after the research, and the guy leading their ads "left to get into banking" or some shit.🔜⛈️⚖️
0
0
5
Our team @silentpush just dropped a definitive look at SocGholish (operated by TA569) and the initial access broker ecosystem they are facilitating. Big thanks to past researchers who have worked on SocGholish! We've got details about our visibility @ https://t.co/BndT67pe3y 🖖🏻
0
2
2
Allegedly a member of The Com ⬇️
1/2 I am pleased to share that Cameron Redman was convicted today and ordered to pay restitution as a result of my investigation. In June 2022 X panel access was sold for 250 ETH which resulted in 10+ account compromises (JRNY, Beeple, Nouns, Zeneca, DeeKay, etc) and millions
0
0
0
This has been another thread based on my fascination with money laundering and how criminals cash out from these while also being caught through these same schemes.
0
0
1
Attached is vis we have into Scattered Spider's evolutions in 2025 with their phishing kits and code -- it did always seem to indicate new leadership changes in 2025 ( https://t.co/8UHoNne7t9). We've definitely now seen that with changes in their TTPs, but also cash out schemes?
1
0
0
Whatever senior leadership at Scattered Spider has shifted strategies to "voice phishing as a primary initial attack vector" in 2025 is basically the ElonmuskWHM money laundering strategy for initial access vectors. It's like a voice doxxing as a service effort. I find it wild!
1
0
0
The fact that all these UK retailers were popped and then we're seeing such quick turnaround on arrests, many of those kids arrested may not only have technical / financial ties, but they may have also had their voices recorded in attacks to further force them to confess.
1
0
0
random note: I think it's really wild that Scattered Spider has shifted back to voice phishing as a primary initial access vector. These kids making these phone calls are being given terrible OpSec advice & being thrown as lambs to slaughter. Your voices are permanently tracked.
1
0
1
This is a good day to upgrade your 404media account and read their paywalled piece on the ElonmuskWHM money laundering network and how it was used by the FBI to catch Scattered Spider member Remington “remi” Ogletree: https://t.co/hS4qE4ardT
404media.co
In 2023 the FBI quietly arrested a notorious money launderer called ElonmuskWHM. Then the FBI secretly ran his operation for nearly a year to catch (and give money to) more criminals.
1
0
1
People within the Scattered Spider community were apparently still recommending the ElonmuskWHM money laundering network even after it was compromised by the FBI. And even though ElonmuskWHM was seeming not active in 2025, these services are still "needed" by SS members...
1
0
0
And 404media is the ~only org I've seen who has actually parsed the court documents from Scattered Spider member Remington “remi” Ogletree to see exactly how he used the ElonmuskWHM money laundering network to get caught.🕸️ The details are too good to share outside their paywall.
1
0
0
FBI sent the ElonmuskWHM admin several youtube links for obscure videos... then demanded from Google IP address logs for people who watched.. And it's unclear if Google ever responded to this! fun!
1
0
1
Some of the facts from the 404 piece includes: remi from SS was caught via ElonmuskWHM payments In total, FBI was running the ElonmuskWHM money laundering network for 11 months.. ElonmuskWHM laundered $90 million, post-FBI 80 cash pickups for over $15 million + more 💸📫via mail
1
0
0
I'm a big fan of the piece that @404mediaco and @josephfcox did on the ElonmuskWHM operators arrest in 2023 & how FBI took over this crypto to cash money laundering network @ https://t.co/hS4qE4ardT The court docs showed that we were only getting a glimpse of the story..
404media.co
In 2023 the FBI quietly arrested a notorious money launderer called ElonmuskWHM. Then the FBI secretly ran his operation for nearly a year to catch (and give money to) more criminals.
1
0
0
But almost no one paid attention to how one Remington “remi” Ogletree from Scattered Spider was arrested, and I think it's really important to analyze how previous SS members have been caught, especially since the group appears to have evolved in 2025.
1
0
0
All of these SS members who are flush with cash are likely still looking for crypto to cash services, and it stands to reason that FBI wouldn't shut down one honeypot without trying to restart the effort elsewhere. And maybe the "money laundering" charges in the UK are unique...
1
0
0
I don't think that the ElonmuskWHM money laundering network is still operating. There's been a ton of court documents and news articles referencing it, and the details seem to indicate the FBI operated it from 2023-2024. So closed it down before the 2025 UK attacks by SS.
1
0
0