Law enforcement authorities in the United States and United Kingdom have
arrested two teenagers connected to the notorious Scattered Spider hacking
collective, charging them with executing an extensive cybercrime operation that
netted over $115 million in ransom payments.
The UK's National
Crime Agency arrested 19-year-old Thalha Jubair of East London and 18-year-old
Owen Flowers of Walsall, West Midlands, at their homes on Tuesday. Both
suspects appeared in a London court on Thursday to face charges related to their
alleged involvement in a cyberattack against Transport for London (TfL) in
August 2024.
Scale of criminal activity
The US Justice Department has charged
Jubair with participating in at least 120 computer network intrusions and
extortion attempts targeting 47 US organizations from May 2022 to September 2025. Federal authorities allege these attacks caused victims to pay more than
$115 million in ransom payments, with the malicious activities causing
significant disruptions to US enterprises, critical infrastructure, and the
federal judicial system.
Timeline of offenses
Investigators believe Jubair
began his cybercriminal activities at age 14, with the hacking spree spanning
from 2022 until last month. Flowers was initially arrested in September 2024
for the TfL attack but was released on bail before being rearrested. Both
suspects had previously been detained in July for data theft incidents targeting
UK retailers including Marks & Spencer, Harrods, and Co-op Group.
Scattered Spider distinguishes itself from other cybercriminal
organizations through the notably young age of its members and their
English-speaking proficiency. The group employs sophisticated social
engineering tactics, frequently impersonating IT support personnel to deceive
employees into revealing passwords or installing remote access software. Their
attacks have disrupted major organizations including MGM Resorts and Caesars
Entertainment in Las Vegas during 2023.
Legal consequences
Jubair faces
multiple charges related to computer fraud and money laundering, with
prosecutors indicating he could receive a maximum sentence of 95 years in prison
if convicted. Investigators linked the breaches to Jubair through evidence
showing he managed servers hosting cryptocurrency wallets used for receiving
ransom payments.
Flowers faces additional charges for conspiring to infiltrate
and damage networks of US healthcare companies SSM Health Care Corporation and
Sutter Health.