U.S. Charges British Teen in Scattered Spider Cybercrime Spree

19-year-old accused of 120 hacks, $115M in ransom, and targeting U.S. courts

Arrest in London

The U.S. Department of Justice (DOJ) has filed federal charges against Thalha Jubair, a 19-year-old British national accused of orchestrating more than 120 cyberattacks.

• Arrest details: Jubair was detained Tuesday at his East London home by the National Crime Agency (NCA).
• Court appearance: He appeared Thursday in London alongside Owen Flowers, 18, accused of participating in a 2024 cyberattack on Transport for London that caused major disruptions.
• Group affiliation: Authorities link both teens to Scattered Spider, an English-speaking hacking group known for social engineering tactics.

Who is Scattered Spider?

Scattered Spider is part of a loose cyber collective known as “the Com.”

• Demographics: Mostly teenagers and young adults, sometimes referred to as “advanced persistent teenagers.”
• Methods: They specialize in social engineering, often impersonating employees to trick IT help desks into resetting passwords.
• Escalation: Beyond cyber intrusions, members have been tied to swatting and physical threats, blurring the line between online and offline intimidation.

Federal charges in the U.S.

The DOJ’s charges, filed in New Jersey, paint a picture of large-scale digital extortion.

• Alleged crimes: Jubair faces charges of computer hacking, extortion, and money laundering.
• Victim count: At least 47 U.S. companies were hacked, with victims paying over $115 million in ransom.
• Critical targets: One breach involved a New Jersey infrastructure firm, where the FBI found over a gigabyte of stolen data.

Hacking the U.S. Courts

Prosecutors say Jubair also infiltrated the U.S. Courts’ IT system in early 2025.

• Account access: He allegedly tricked the help desk into resetting passwords for three accounts, including one belonging to a federal magistrate judge.
• Manipulated requests: Using the stolen credentials, hackers submitted fake emergency legal requests to obtain sensitive customer data from a financial services company.
• Motivation: Investigators say the hackers were looking for sealed court documents related to Scattered Spider prosecutions.

The FBI investigation

The FBI traced many of the operations back to servers allegedly controlled by Jubair.

• Digital evidence: The seized servers contained stolen corporate data, browsing history of compromised systems, and ransom communications.
• Crypto trail: A cryptocurrency wallet with $36 million was discovered, most of it traceable to ransom payments.
• Evasion attempts: Jubair allegedly moved $8.4 million from the wallet as the FBI was seizing control of the servers.

What comes next

It remains unclear whether the DOJ will seek Jubair’s extradition from the U.K.

• International dimension: The case underscores how cybercrime syndicates cross borders, making prosecutions more complex.
• Ongoing risks: Scattered Spider remains active, raising concerns about further attacks on U.S. infrastructure and institutions.