A US-Estonian national has been extradited to the United States to face accusations related to his alleged involvement with the notorious cybercriminal group known as Scattered Spider.
Details of the Extradition
The suspect, 19-year-old Peter Stokes, also referred to by the alias ‘Bouquet’, was apprehended in Finland in April while attempting to travel to Japan. He is facing charges that include conspiracy, unauthorized computer access, and fraud.
Stokes is alleged to have participated in a cyber attack in May 2025, targeting a luxury jewelry retailer. The attack involved accessing the company’s computer systems, extracting sensitive data, and demanding an $8 million ransom to be paid in cryptocurrency.
Impact of the Cyber Attack
The targeted retailer successfully removed the intruders from its network without paying the ransom. However, the incident resulted in significant disruptions to business operations, incurring losses estimated at $2 million due to the investigation and recovery efforts.
Scattered Spider, also known by aliases such as 0ktapus and UNC3944, is believed to have compromised the systems of over 100 organizations, amassing more than $100 million in ransom payments over their operational period.
Background on Scattered Spider
The group gained notoriety for a major hacking campaign against Salesforce in 2025, along with the 0ktapus campaign in 2022 that affected over 130 organizations. Despite announcing its retirement in September last year, the group’s legacy continues to affect the cybersecurity landscape.
Law enforcement globally has made strides in apprehending members of this sophisticated hacking network. In April, Tyler Robert Buchanan, a UK citizen, admitted to his involvement with Scattered Spider in the US court system.
This recent extradition underscores ongoing international efforts to combat cybercrime and hold perpetrators accountable, reflecting the persistent threat posed by organized hacking groups.
