Ex-US Army Soldier Kiberphant0m Pleads Guilty to Ransomware Extortion Related to the AT&T, Verizon Hacks

• What Happened: Cameron John Wagenius pleaded guilty to extra charges in an ongoing lawsuit, including ransomware extortion.
• Fraud Conspiracy: DOJ documents indicate that the individual conspired with others to defraud at least 10 organizations via credential theft.
• Extortion Attempts: The hackers threatened to post the stolen data on popular hacker forums.

Former U.S. Army soldier Cameron John Wagenius, 21, has pleaded guilty to conspiring to hack into telecommunications companies’ databases, double extortion, and threatening to release the stolen data unless ransoms were paid, a U.S. Department of Justice press release said. 

The ex-soldier using the Kiberphant0m dark web alias was arrested in 2024 in connection with the Snowflake-related AT&T and Verizon data leak. In February, Wagenius pleaded guilty to two counts of leaking sensitive call records, facing a maximum of 10 years in prison for each count.

Methods of the Hacking Scheme 

Between April 2023 and December 2024, while on active duty with the U.S. Army, Wagenius collaborated with accomplices to infiltrate secured systems of telecommunications companies. Using tools like “SSH Brute,” a credential-cracking tool, they successfully acquired login credentials for protected networks.

These credentials were shared and discussed in Telegram group chats, where he claimed to own AT&T call logs belonging to high-profile figures like President-elect Donald J. Trump and Vice President Kamala Harris.  

Once the networks were compromised, Wagenius and his associates extracted sensitive data, including customer and internal records. They then turned to ransomware extortion, threatening to publicly leak the stolen data on cybercrime forums such as BreachForums and XSS.is unless ransom payments were made. 

For some victims, stolen records were offered for sale on these same forums, with portions of the stolen data also used in SIM swap fraud, even though Verizon introduced “Number Lock” for protection against SIM swapping in September 2021.

Kiberphant0m claimed responsibility for breaching at least 15 telecommunications companies and was also linked to the 2024 Bharat Sanchar Nigam Limited cyberattack due to suspicion of stealing and trying to sell the exfiltrated data.

Financial Impact and Scope 

Wagenius and his co-conspirators demanded at least $1 million in ransom payments. Although the total paid amount remains under investigation, the scheme inflicted significant financial burdens on the victim organizations.  

Legal Consequences 

Wagenius also pleaded guilty to conspiracy to commit wire fraud, extortion tied to computer fraud, and aggravated identity theft. Facing sentencing in October 2025, he could receive a maximum sentence of 20 years for wire fraud, five years for extortion, and a mandatory additional two years for identity theft. 

Agencies, including the FBI and the Department of Defense Cyber Field Office, played key roles in unraveling this complex operation, demonstrating the rigorous response required to combat emerging cyber threats.