A former US Army soldier posted in Texas has pleaded guilty to charges linked to a large scale cybercrime conspiracy that involved hacking into telecommunications companies’ networks, stealing sensitive data, and demanding ransom under threat of public exposure. Cameron John Wagenius, 21, self-confessed to his role in a plot to infiltrate at least 10 organizations between April 2023 and December 18, 2024.
The court documents reveal that while still serving in the military, Wagenius was actively involved in cybercriminal operations using the online alias “kiberphant0m.”
Ex-Army Soldier Hacking Case
According to prosecutors, Cameron John Wagenius and his co-conspirators used hacking tools such as SSH Brute to obtain login credentials for protected systems. They reportedly communicated through encrypted Telegram group chats where they shared stolen credentials and planned how to gain unauthorized access to corporate networks.
Once inside, the group stole sensitive information and launched extortion campaigns. The threats were made both in private messages to the affected companies and in public forums such as BreachForums and XSS.is, well-known platforms for cybercriminal activity.
In these posts, the conspirators not only threatened to leak the stolen data but also offered it for sale, sometimes demanding thousands of dollars per transaction.
$1 Million Extortion Attempt and SIM-Swapping Fraud
The Justice Department reported that the group attempted to extort at least $1 million from the victim organizations. They also used the stolen data for further fraud schemes, including SIM-swapping, a technique that allows hackers to take control of victims’ phone numbers to bypass two-factor authentication and gain access to email, banking, and other sensitive accounts.
Cameron John Wagenius pleaded guilty to conspiracy to commit wire fraud, extortion in relation to computer fraud, and aggravated identity theft. He is currently awaiting sentencing, which is scheduled for October 6.
If convicted on all charges, Wagenius faces a maximum of 20 years in prison for conspiracy to commit wire fraud, up to 5 years for computer-related extortion, and a mandatory two-year sentence for aggravated identity theft, which would run consecutively to any other prison time.
Cameron John Wagenius: Previous Guilty Plea in Phone Records Case
Cameron John Wagenius had previously pleaded guilty in a separate case to two counts involving the unlawful transfer of confidential phone records. That case is also connected to the broader hacking conspiracy.
Officials who announced the plea include Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division, Acting U.S. Attorney Teal Luthy Miller for the Western District of Washington, Assistant Director Brett Leatherman of the FBI’s Cyber Division, and Special Agent in Charge Kenneth DeChellis of the Department of Defense Office of Inspector General, Defense Criminal Investigative Service (DCIS), Cyber Field Office.
The FBI and DCIS led the investigation. Additional support was provided by the U.S. Army’s Criminal Investigative Division, the U.S. Attorney’s Office for the Western District of Texas, and the National Security Cyber Section. Cyber threat intelligence firms Flashpoint and Unit 221B also contributed to the investigation.
Conclusion
When someone with trusted access, like a soldier, misuses their skills for cybercrime, it raises bigger questions about how we train, monitor, and hold insiders accountable. Cameron John Wagenius, while still an active-duty soldier, used his access and experience to support and lead coordinated cyberattacks. The court will now assess the sentencing based on the U.S. Sentencing Guidelines and other statutory considerations. As the legal process continues, officials have emphasized that efforts to track down other conspirators and disrupt criminal marketplaces where stolen data is traded will remain a top priority.
Companies handling sensitive data must stay one step ahead with stronger security checks, regular monitoring, and better collaboration with law enforcement. Trust is important, but when it comes to data security, trust alone isn’t enough.
