Ex-US Army Soldier “kiberphant0m” Pleads Guilty to $1M Telecom Hacking & Extortion
A former U.S. Army servicemember has pleaded guilty to orchestrating an extensive scheme involving the hacking of telecommunications companies, extortion, and the sale of stolen data. Cameron John Wagenius, 21, who last served in Texas, was part of a cybercriminal group that, between April 2023 and December 2024, systematically breached corporate databases, gained unauthorized access to sensitive information, and issued threats to expose that data unless substantial ransoms were paid.
Operating under the alias “kiberphant0m,” Wagenius collaborated with other members via Telegram, where they exchanged stolen credentials and discussed access to restricted corporate networks. To infiltrate secured systems, they employed a range of tools, including a proprietary utility known as SSH Brute, designed specifically for brute-forcing passwords on SSH servers.
Even while on active military duty, Wagenius continued to coordinate cyberattacks and participate in illicit operations. Once access to internal systems was achieved, the group exfiltrated confidential data, initiating the extortion phase. Communications with victim companies and posts on dark web forums such as BreachForums and XSS.is revealed threats to publicly release the data unless a ransom was paid. In some cases, the stolen information was simply listed for sale, fetching several thousand dollars per lot.
Portions of the compromised data were leveraged in subsequent attacks, including SIM-swapping operations, which enabled the interception of personal accounts and banking credentials. The total amount Wagenius and his co-conspirators sought to extort from data owners exceeded $1 million.
Wagenius pleaded guilty to charges of conspiracy to commit fraud, computer-related extortion, and aggravated identity theft. He had previously admitted to unlawfully sharing confidential call records. A sentencing hearing is scheduled for October 6. The maximum penalties for the charges include up to 27 years in prison: 20 years for fraud, 5 years for extortion, and a mandatory consecutive 2-year term for identity theft.
