US Charges British Teenager in 'Scattered Spider' Hacking Case

September 18, 2025
Cyberattack Allegations Leveled Against British Teenagers

Federal charges were unsealed by the U.S. Department of Justice on Thursday against Thalha Jubair, a British national aged 19. Prosecutors allege his participation in a minimum of 120 cyberattacks. These attacks included breaches of the U.S. Courts system and the extortion of numerous U.S. businesses.

Arrests and Initial Court Appearances

Jubair was apprehended at his residence in East London on Tuesday, as confirmed by the National Crime Agency. He and Owen Flowers, an 18-year-old, made their initial court appearance in London on Thursday morning.

Both individuals face accusations of involvement in a 2024 cyberattack directed at Transport for London. This government agency manages London’s public transportation network. The attack led to a data breach and necessitated a recovery period spanning several months.

Attribution to Scattered Spider

The National Crime Agency has linked the intrusion into the London transit system’s IT infrastructure to the hacking group known as Scattered Spider.

Both Jubair and Flowers have been remanded into custody, with further court dates pending, according to reports from BBC News.

Understanding Scattered Spider

Scattered Spider is characterized as a financially driven group of cybercriminals who primarily communicate in English. The group largely consists of teenagers and young adults, and its members are sometimes labeled “advanced persistent teenagers” due to their consistent and sophisticated cyberattacks.

These hackers frequently gain access to a large number of organizations. They often employ relatively uncomplicated social engineering tactics, such as impersonating employees to IT help desks to reset passwords.

Connections to “the Com”

The group is also known for its association with a wider cybercrime community referred to as “the Com.” This collective sometimes extends beyond the digital realm, incorporating real-world intimidation tactics and even acts of violence, including “swatting.”

Federal Charges Filed Against Individual for Targeting U.S. Companies

In addition to existing federal charges, U.S. prosecutors in New Jersey have indicated that Jubair is now facing accusations of computer hacking, extortion, and money laundering. These charges stem from numerous cyberattacks in which corporate entities were compelled to pay over $115 million in ransom.

Details of the Investigation

The FBI’s criminal complaint details that in July 2024, servers believed to be operated by Jubair were seized. Evidence discovered on these servers suggests involvement in at least 120 separate hacking incidents, with 47 of those targeting companies within the United States.

Prosecutors allege that Jubair employed social engineering techniques to infiltrate company networks. This allowed for the theft of sensitive internal data, followed by the encryption of victim servers.

Critical Infrastructure Targeted

Among the victims was a critical infrastructure company located in New Jersey. The FBI discovered over one gigabyte of data stolen from this company on servers allegedly controlled by Jubair.

Furthermore, browsing history found on these servers indicated apparent logins to the critical infrastructure company’s systems.

Breach of U.S. Courts System

The FBI also attributes a breach of the U.S. Courts system to Jubair. During January 2025, it is alleged that Jubair and associates contacted the U.S. Courts’ help desk.

This contact was reportedly used to gain access to three user accounts, including one belonging to a federal magistrate judge, with the intention of gathering information related to the “Scattered Spider” hacking group.

Exploitation of Legal Processes

The hackers allegedly utilized a compromised account to submit an emergency information disclosure request to an unnamed financial services provider.

This tactic, common among these groups, aims to deceive companies into releasing user information under the guise of a legitimate legal request.

Evidence Linking to the U.S. Courts Hack

The FBI confirmed that the seized server was utilized for searches connected to the U.S. Courts hack and for transmitting the emergency request to the financial institution.

Reports from Bloomberg in August indicated that Scattered Spider hackers had infiltrated the U.S. Courts system to seek information about themselves, including the sealed indictment of Noah Urban, a convicted member of the group.

Financial Gains and Transfers

Upon seizure, Jubair’s servers contained a cryptocurrency wallet holding approximately $36 million. A significant portion of these funds is traceable to ransom payments made by victim companies.

However, the FBI reports that approximately $8.4 million was transferred from the wallet while authorities were taking control of the server.

Extradition Status

The Department of Justice’s plans regarding Jubair’s extradition remain unclear, and a spokesperson declined to provide immediate comment.
