U.S. Army Soldier Used Cybercrime Tools to Breach Telecom and Tech Companies
Cameron John Wagenius, a 21-year-old former U.S. Army soldier, has pleaded guilty to hacking and extorting at least ten major technology and telecommunications companies, including AT&T and Verizon. His actions were part of a larger cybercrime conspiracy that unfolded while he was still on active duty.
According to the U.S. Department of Justice (DoJ), Wagenius operated under several online aliases—kiberphant0m, cyb3rph4nt0m, and buttholio—between April 2023 and December 2024. During that time, he and co-conspirators used stolen credentials to infiltrate protected computer networks and demanded ransoms from affected companies.
“Between April 2023 and Dec. 18, 2024, Cameron John Wagenius, 21, used online accounts associated with the nickname ‘kiberphant0m’ and conspired with others to defraud at least 10 victim organizations,” the U.S. DoJ said in a statement.
Use of SSH Brute Tools, Telegram, and SIM-Swapping
The group employed a brute-force tool known as SSH Brute to steal login credentials and gain unauthorized access to internal systems. Once inside, they:
- Shared stolen credentials through Telegram chat groups
- Conducted SIM-swapping attacks
- Advertised and sold stolen data on BreachForums and XSS.is
The cybercriminals used these forums to pressure victims into paying large sums—up to $1 million—to prevent public leaks of stolen data.
One such demand involved a threat to release over 358GB of confidential data unless the victim initiated ransom negotiations. In another case, Wagenius emailed a company demanding $500,000 in cryptocurrency.
Links to Snowflake Hack and Previous Charges
Wagenius also pleaded guilty in February 2025 to hacking incidents involving AT&T and Verizon—companies also targeted by cybercriminals Connor Moucka and John Binns in a separate high-profile case linked to the Snowflake data breach.
His most recent indictment, filed on July 14, included charges of:
- Wire fraud conspiracy
- Aggravated identity theft
- Extortion related to computer fraud
These are in addition to his previous guilty plea for two counts of unlawful transfer of confidential phone record information.
Faces Up to 27 Years in Prison
Wagenius entered a plea deal one day after his indictment, admitting guilt to all three major charges. He now faces a maximum sentence of 27 years in prison, with a final judgment expected on October 6. The court may also factor in time for his earlier convictions involving confidential phone records.
