Sep 19, 2025Ravie LakshmananRansomware / Cybercrime
Regulation enforcement authorities within the U.Okay. have arrested two teen members of the Scattered Spider hacking group in reference to their alleged participation in an August 2024 cyber assault focusing on Transport for London (TfL), the town’s public transportation company.
Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands had been arrested at their dwelling addresses on Tuesday, the Nationwide Crime Company (NCA) stated. They’re 19 and 18, respectively.
It is price noting that Flowers was initially arrested for his alleged involvement within the TfL assault in September 2024, however was subsequently launched on bail. The company stated it discovered proof of Flowers focusing on U.S. healthcare corporations, and that he has additionally been charged with conspiring with others to infiltrate and injury the networks of SSM Well being Care Company and Sutter Well being.
Jubair has additionally been charged beneath the Regulation of Investigatory Powers Act (RIPA) 2000 for failing to give up PINs and passwords for gadgets seized by regulation enforcement from him on March 19, 2025.
“This assault brought about vital disruption and hundreds of thousands in losses to TfL, a part of the UK’s crucial nationwide infrastructure,” Deputy Director Paul Foster, head of the NCA’s Nationwide Cyber Crime Unit, stated. “Earlier this yr, the NCA warned of a rise within the risk from cyber criminals primarily based within the U.Okay. and different English-speaking international locations, of which Scattered Spider is a transparent instance.”
In tandem, the U.S. Division of Justice (DoJ) unsealed a criticism charging Jubair with conspiracies to commit laptop fraud, wire fraud, and cash laundering in relation to no less than 120 laptop community intrusions and extorting 47 U.S. entities from Could 2022 to September 2025.
These assaults concerned using social engineering methods to realize unauthorized entry to the goal networks, after which leveraging that entry to steal and encrypt info, and demand ransom from victims in return for regaining management and stopping the leak of the exfiltrated information.
In keeping with the criticism, victims paid no less than $115,000,000 in ransom funds. The incidents, the DoJ added, brought about widespread disruption to U.S. companies and organizations, together with crucial infrastructure and the federal court docket system, in October 2024 and January 2025.
In July 2024, the DoJ stated regulation enforcement seized cryptocurrency wallets on a server allegedly managed by Jubair and confiscated digital belongings price about $36 million on the time. Jubair can also be stated to have transferred a portion of the proceeds that originated from one of many victims, price about $8.4 million on the time, to a different pockets.
Jubair has been charged with laptop fraud conspiracy, two counts of laptop fraud, wire fraud conspiracy, two counts of wire fraud, and cash laundering conspiracy. If convicted, he faces a most penalty of 95 years in jail.
“Jubair went to nice and complex lengths to maintain himself nameless whereas he and his felony associates continued to assault these victims and extort tens of hundreds of thousands of {dollars} in ransom funds,” stated Alina Habba, Performing U.S. Legal professional and Particular Legal professional for the District of New Jersey.
