Two British Teens Charged Over Scattered Spider Hacks

Two British teenagers have been arrested and charged by UK authorities for their alleged ties to the Scattered Spider cybercriminal collective. 

According to the UK National Crime Agency (NCA) on Thursday, the two were arrested Tuesday at their home addresses and are identified as UK nationals Thalha Jubair, 19, and Owen Flowers, 18. The arrests were made in connection with an August 2024 cyberattack on Transport for London, the local government body responsible for most of London's transport network.

The Justice Department on Thursday also unveiled charges against Jubair, citing his role in at least 120 intrusions. According to the DoJ, Jubair allegedly accessed the networks of and extorted 47 U.S. entities between May 2022 and September 2025. The DoJ said that Jubair could face a maximum of 95 years in prison if convicted. 

“Jubair is alleged to have participated in a sweeping cyber extortion scheme carried out by a group known as Scattered Spider, which committed at least 120 attacks worldwide and resulted in over $115 million in ransom payments from victims,” said Acting Assistant Attorney General Matthew R. Galeotti with the Justice Department’s Criminal Division in a Thursday statement. “These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals.”

Scattered Spider has rocked the world with its brazen cyberattacks and crafty social engineering techniques since the group first emerged in 2022, hitting high-profile victims like Caesars Entertainment, MGM Resorts International, and more. 

Court documents related to the DoJ charges outlined several incidents tied back to Jubair and detailed several of the techniques that Scattered Spider members are known to use in attacks. 

“Jubair is alleged to have participated in a sweeping cyber extortion scheme carried out by a group known as Scattered Spider, which committed at least 120 attacks worldwide and resulted in over $115 million in ransom payments from victims."

For instance, in an attack in January 2025, the DoJ said Jubair and other members used social engineering to gain unauthorized access to the U.S. Courts system, by convincing helpdesk personnel used by the networks to administer a password reset for an account. This hack allowed the group to exfiltrate data like names, mobile numbers, and usernames for U.S. Courts personnel. They searched the inbox of a federal magistrate judge’s compromised account for terms like “subpoena” and “scattered spider.”

According to the DoJ’s release, portions of the ransom payments from five victims were sent to wallets on a server that was controlled by Jubair. In 2024, when law enforcement seized that server, Jubair transferred a portion of the cryptocurrency from one of the victims (worth $8.4 million at the time) to another wallet.

Court documents showed how an FBI agent linked Jubair to the server above. Blockchain analysis revealed that cryptocurrency in a wallet was discovered on the server, which was used to purchase two gift cards in 2022 and 2023. The gift cards were linked to a “food delivery company”, which provided information for an account used to order items delivered to Jubair’s apartment complex. 

Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. According to the NCA, Jubair and Flowers appeared at Westminster Magistrates Court on Sept. 18. 

“Today’s charges are a key step in what has been a lengthy and complex investigation,” said Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, in a statement. “This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure. Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example. The NCA, UK policing and our international partners, including the FBI, are collectively committed to identifying offenders within these networks and ensuring they face justice.”