UK law enforcement arrested two people in connection with the infamous Scattered Spider cybercriminal ring, which allegedly hacked the Transport for London government body. One of the alleged threat actors has also been charged in the United States.
Two teens arrested in connection with Scattered Spider
Thalha Jubair, 19, was charged in the US with conspiracies to commit computer fraud, wire fraud, and money laundering. He allegedly carried out at least 120 computer network intrusions and extortion involving 47 U.S. entities.
“As alleged by the complaint, Jubair went to great and sophisticated lengths to keep himself anonymous while he and his criminal associates continued to attack these victims and extort tens of millions of dollars in ransom payments,” said Alina Habba, acting U.S. attorney and special attorney for the District of New Jersey, in a press release on Thursday.
A second person allegedly connected to Scattered Spider, Owen Flowers, 18, was arrested in the UK on Sept. 16 in connection with a computer intrusion against critical infrastructure. Law enforcement connected Flowers with attacks on SSM Health Care Corporation and Sutter Health in the US.
Scattered Spider was allegedly behind the cyberattack on Transport for London in August 2024. The attackers accessed customer data and interrupted online services, but did not disrupt public transit.
Jubair and Flowers were arrested at their home addresses on Sept. 16 by the UK’s National Crime Agency and the City of London Police.
Separate from the U.S. investigation, both teens were charged on Sept. 18 with conspiracy to commit unauthorized acts as defined by the Computer Misuse Act.
If convicted, Jubair could face up to 95 years in jail. The punishment may be designed to discourage any copycat attacks or to frighten other members of Scattered Spider.
Scattered Spider collected ransoms in crypto
First emerging in May 2022, Scattered Spider, which is also known as Octo Tempst, has allegedly been responsible for hundreds of attacks on large organizations, including healthcare companies, retail chains, insurance companies, and airlines.
The group allegedly uses social engineering as part of their hacks, sometimes posing as help desk personnel. They have also been connected with ransomware and SMS phishing attacks.
Microsoft Security classifies Scattered Spider as financially motivated. The U.S. Department of Justice said Jubair and his associates received more than $115 million in ransomware payments, some of which were in cryptocurrency.
