Authorities in the UK have arrested and charged two individuals for their alleged roles in the infamous hacking group Scattered Spider. One of them has been charged in the US as well.
The suspects, Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were charged in the UK for a cyberattack on Transport for London (TfL) that disrupted certain services, with no actual impact on transportation.
Flowers was initially arrested in September 2024 in connection with the attack, but the investigators have uncovered evidence linking him to intrusions at US healthcare organizations and have now brought additional charges against him.
On Thursday, US law enforcement unsealed a complaint charging Jubair over his alleged involvement in over 120 cyberattacks against organizations worldwide, including 47 US entities.
According to the complaint, Jubair (aka ‘EarthtoStar’, ‘Brad’, ‘Austin’, and ‘@autistic’) and his co-conspirators used social engineering to hack into organizations’ networks, stole and encrypted data, and extorted the victims by demanding ransom payments in exchange for not leaking the stolen data online.
Between May 2022 and September 2025, the complaint alleges, Jubair and his co-conspirators hacked into at least 120 networks and received more than $115 million in ransom payments.
“These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals,” Acting Assistant Attorney General Matthew R. Galeotti said.
According to the complaint, Jubair was in control of wallets and servers in which approximately $36 million in cryptocurrency was stored. In July 2024, when authorities were seizing the servers, Jubair transferred approximately $8.4 million to another wallet.
The US charged Jubair with computer fraud, wire fraud, and money laundering conspiracy. He faces up to 95 years in prison.
Over the past year, authorities have arrested, charged, and sentenced several other individuals for their alleged ties with the Scattered Spider group.
The latest arrests and charges were announced just as the Scattered Spider hacking group, also known as Octo Tempest, UNC3944, and 0ktapus, announced its retirement.
The cybersecurity industry is skeptical of the claims, and ReliaQuest has since found evidence that the cybercriminals continue to be active, with their latest attacks targeting the financial sector.
Related: BreachForums Owner Sent to Prison in Resentencing
Related: US Announces Botnet Takedown, Charges Against Russian Administrators
Related: Developer Who Hacked Former Employer’s Systems Sentenced to Prison
Related: VP Harris Says US Agencies Must Show Their AI Tools Aren’t Harming People’s Safety or Rights
