Cameron John Wagenius, a 21-year-old former U.S. Army soldier from Texas, has pleaded guilty to federal charges stemming from a wide-ranging cybercrime and extortion scheme that targeted major telecommunications providers, including AT&T and Verizon. The admissions of guilt follow a federal investigation into a coordinated hacking operation that spanned from April 2023 through December 2024.
Operating under online aliases such as “kiberphant0m” and “cyb3rph4nt0m,” Wagenius conspired with others to gain unauthorized access to the internal systems of at least ten companies. He obtained sensitive data, including customer records and call logs, which were then used to carry out extortion attempts. Prosecutors say Wagenius and his co-conspirators demanded at least $1 million in ransom payments, threatening to release or sell the data if their demands were not met.
Authorities revealed that the group used brute-force credential attacks and other intrusion techniques to breach corporate networks. They coordinated much of their activity through Telegram chat groups, where they discussed targets and exchanged stolen access credentials. The attackers advertised their breaches on underground forums such as BreachForums and XSS.is, at times offering stolen data for sale and naming companies that refused to meet their ransom demands.
Some of the compromised information was used to enable additional criminal acts, including SIM-swapping attacks. These methods allowed the hackers to hijack phone numbers and gain access to victims’ online accounts for further fraud and identity theft.
Wagenius, who was on active duty with the U.S. Army during much of the criminal activity, admitted to unlawfully transferring private phone records and participating in computer fraud. His guilty plea includes charges of conspiracy to commit wire fraud, extortion in relation to computer fraud, and aggravated identity theft. These offenses carry significant penalties, including a maximum of 20 years for the conspiracy charge, up to 5 years for extortion, and a mandatory two-year term for identity theft, which must be served consecutively. Wagenius faces up to 27 years in federal prison and is scheduled for sentencing on October 6, 2025.
The case was investigated by multiple federal agencies, including the FBI, the U.S. Department of Defense’s Criminal Investigative Service, and the Army’s Criminal Investigation Division. Private cybersecurity firms also played a role in tracking the group’s online activity and linking the breaches to Wagenius and his associates.
Among the co-conspirators identified are Canadian national Connor Riley Moucka and John Erin Binns, both of whom have been connected to other high-profile cyberattacks. Together, the group allegedly orchestrated or promoted attacks that compromised wide segments of critical telecommunications infrastructure.
