US government charges British teenager accused of at least 120 ‘Scattered Spider’ hacks

The U.S. Department of Justice on Thursday unsealed federal charges against British teenager Thalha Jubair, whom prosecutors accuse of involvement in at least 120 cyberattacks, including on the U.S. Courts system, and in the extortion of dozens of U.S. companies.

Jubair, 19, was arrested on Tuesday at his home in East London, according to a statement by the National Crime Agency. He appeared in court on Thursday morning in London alongside another teenager, Owen Flowers, 18. Both are accused of involvement in a 2024 cyberattack targeting Transport for London, the government body that oversees the London public transit system, which resulted in a data breach and a monthslong recovery effort.

The National Crime Agency said the hack on the London transit system’s IT network was attributed to the Scattered Spider hacking group.

Both Jubair and Flowers were taken into custody to appear in court at a later date, per BBC News.

Scattered Spider is an English-speaking group of financially motivated cybercriminals, mostly teenagers and young adults, who are sometimes referred to as “advanced persistent teenagers” for their skilled and repeated cyberattacks. These hackers are known for their ability to hack into large numbers of companies, often by using relatively simple social engineering techniques, like calling up a company’s IT helpdesk pretending to be an employee who forgot their password and now needs a new one.

These hackers are also known for their involvement with other hackers through a nebulous cyber collective called “the Com,” referring to the cybercrime community that sometimes crosses into the real world by using physical threats and violence, including swatting.

As part of a separate set of federal charges filed in New Jersey, U.S. prosecutors said Jubair also faces computer hacking, extortion, and money laundering charges in relation to dozens of hacks that saw corporate victims pay over $115 million in ransom payments.

In its criminal complaint, the FBI said in July 2024 it seized servers it believes are run by Jubair, and found evidence that Jubair was allegedly involved in hacks of at least 120 companies, including 47 companies in the United States.

According to prosecutors, Jubair used social engineering techniques to break into company networks to steal internal data, encrypt the victim’s servers, then extort the victims into paying the hackers to unlock the files.

One of the victim companies was a critical infrastructure company based in New Jersey. The FBI said it found evidence on one of the servers allegedly run by Jubair that included more than a gigabyte of data stolen from the critical infrastructure company, as well as browsing history that showed apparent evidence of logging into the critical infrastructure company’s servers.
