Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Microsoft Device ID Reveals Scattered Spider Hacker

Microsoft Device ID Reveals Scattered Spider Hacker

Posted on July 7, 2026 By CWS

In a significant breakthrough in cybersecurity, the use of a Microsoft device identifier has led to the identification and arrest of a suspected member of the Scattered Spider hacking group. This development was outlined in a federal complaint filed in Illinois, highlighting the role of this unique device ID in piercing the veil of anonymity surrounding the suspect.

Arrest of Alleged Hacker in Finland

The accused, 19-year-old Peter Stokes, a dual citizen of the U.S. and Estonia, was detained in Finland on April 10, 2026. Stokes, known online by aliases such as “Bouquet” and “Spencer,” was apprehended while preparing to travel to Japan, carrying two large-capacity hard drives. He faces extradition to the United States where he will confront charges related to computer fraud, wire fraud, and conspiracy under the Computer Fraud and Abuse Act.

Authorities allege Stokes is part of the Scattered Spider group, also known as Octo Tempest, UNC3944, and 0ktapus. This collective has been linked to over 100 cyber intrusions and demands exceeding $100 million in ransom payments.

Role of Microsoft’s Global Device Identifier

A key element in the investigation was Microsoft’s Global Device Identifier (GDID), which played a crucial role in tracing Stokes’s activities. This identifier is embedded in every Windows installation and is instrumental for Microsoft in performing diagnostic and telemetry tasks. Its persistence proved to be a weakness in Stokes’s operational security, leading investigators to connect him to various cyber activities.

The complaint details an attack on a luxury retailer, dubbed “Company F,” which began with a series of voice-phishing attempts targeting the company’s IT help desk. Within a short time, the attackers compromised several accounts, including high-level administrative accounts, and implemented an encrypted tunnel using ngrok to infiltrate the company’s systems securely.

Tracing Cyber Activities and Legal Implications

Investigators were able to link the GDID to an ngrok account created with a specific IP address. This connection was crucial in tracing the cyber operations back to Stokes. Further analysis matched this digital footprint with accounts belonging to Stokes on platforms like Apple and Facebook, all tied to locations he had visited, as confirmed by his travel records and social media activity.

This case underscores the limitations of anonymity technologies, which often protect the network layer but not the individual devices involved. The lack of a comprehensive policy from Microsoft regarding the sharing of GDID data with law enforcement raises questions about privacy and transparency.

As the legal proceedings continue, this case serves as a stark reminder of the complexities involved in cybersecurity and the enduring challenge of safeguarding digital privacy while pursuing justice against cybercriminals.

Cyber Security News Tags:computer fraud, cybercrime investigation, Cybersecurity, device ID, federal charges, GDID, hacker arrest, INTERPOL, luxury retailer, MFA resets, Microsoft, Ransomware, Scattered Spider, telemetry data, U.S.-Estonian citizen

Post navigation

Previous Post: Critical Vulnerabilities Fixed in BeyondTrust Support Products
Next Post: Critical BeyondTrust Vulnerabilities Enable Access Control Bypass

Related Posts

Namastex npm Packages Compromised with CanisterWorm Malware Namastex npm Packages Compromised with CanisterWorm Malware Cyber Security News
Russian Basketball Player Arrested over Alleged Ransomware Attack Claims Russian Basketball Player Arrested over Alleged Ransomware Attack Claims Cyber Security News
Critical SAP NetWeaver Vulnerabilities Fixed in June Patch Critical SAP NetWeaver Vulnerabilities Fixed in June Patch Cyber Security News
ClickFix Attack Evolves: New Tactics Bypass Detection ClickFix Attack Evolves: New Tactics Bypass Detection Cyber Security News
New Tech Support Scam with Microsoft’s Logo Tricks Users to Steal Login Credentials New Tech Support Scam with Microsoft’s Logo Tricks Users to Steal Login Credentials Cyber Security News
Microsoft to Restrict Windows 11 Auto Installs Due to RCE Flaw Microsoft to Restrict Windows 11 Auto Installs Due to RCE Flaw Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram
  • Enhancing AI SOC SLA: Transitioning from 2019 to 2026 Standards
  • County Pays $1 Million to Prevent Data Leak, Reports Show

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark