Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

19-Year-Old Scattered Spider Suspect Extradited to Face U.S. Hacking Charges

The Hacker News by The Hacker News
July 1, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Swati KhandelwalJul 01, 2026Cybercrime / Ransomware

A teenager accused of belonging to the hacking group Scattered Spider has been extradited from Finland to face U.S. charges of conspiracy, computer intrusion, and fraud, the U.S. Department of Justice announced on July 1.

Peter Stokes, 19, a dual U.S. and Estonian citizen, appeared in a Chicago federal court on June 30, where a judge ordered him held in custody.

Finnish police arrested him in April on an Interpol Red Notice, an international arrest request, before his extradition in late June. His case is the latest in a run of arrests targeting a crew tied to breaches at casinos, retailers, and airlines.

Court records identify Stokes by the online handle “Bouquet” and describe at least four intrusions, the first when he was 16. In one case, in May 2025, prosecutors say he and others broke into a luxury jewelry retailer, copied its data, and demanded about $8 million in cryptocurrency.

The retailer refused to pay, evicted the intruders, and spent at least $2 million cleaning up. According to those records, Finnish officers seized two 2-terabyte hard drives when they stopped Stokes at Helsinki airport as he tried to board a flight to Japan.

Who is Scattered Spider

Scattered Spider is not a traditional gang. It is a loose, mostly English-speaking group of young people, many of them teenagers, spread across the U.S., U.K., and Europe.

Security companies also track it under the names Octo Tempest, UNC3944, and 0ktapus. Its main trick is simple and hard to stop. Instead of breaking software, it fools people.

Members phone a company’s IT help desk, pretend to be a worker who is locked out, and talk the staff into resetting a password or approving a login. Once inside, they steal files and threaten to leak them unless they are paid.

The group is best known for the 2023 attacks on MGM Resorts and Caesars Entertainment, which shut down MGM’s casino and hotel systems. Through 2025, it was linked to attacks on U.K. retailers including Marks & Spencer, Harrods, and Co-op, then U.S. insurers and, later, airlines, a pattern security researchers describe as moving through one sector at a time.

Assistant Attorney General A. Tysen Duva said the group has been involved in “over 100 network intrusions, resulting in more than $100 million in ransom payments.”

Part of a wider crackdown

Stokes is part of a broader shift in the Scattered Spider story: police are putting names, countries, and court dates to a crew that long operated as handles in chat rooms. Recent cases include:

  • Tyler Buchanan, a 24-year-old from Scotland, who was once described as a ringleader, pleaded guilty in a U.S. court in April 2026 to fraud and identity theft. He admitted stealing at least $8 million in cryptocurrency through phishing campaigns that hit companies including Twilio and LastPass, and faces a statutory maximum of 22 years in prison.
  • Noah Urban, a member from Florida, was sentenced in August 2025 to 10 years and ordered to repay about $13 million.
  • Thalha Jubair and Owen Flowers, two young men in the U.K., pleaded guilty in June 2026 to a 2024 attack on Transport for London, the capital’s transit agency. Flowers also admitted conspiring to hack two U.S. health systems, SSM Health and Sutter Health.

How companies can defend

The playbook has outlived the arrests. Mandiant reported a lull in attacks tied to the group after the 2025 arrests, then warned that other crews are already copying it.

The weak point is the help desk, not the firewall, so the fixes that hold are stricter identity checks before a reset and sign-in keys that phishing cannot steal.

A joint U.S. and international advisory adds that once inside, the intruders often lurk in a company’s chat tools and join the calls it holds to respond to the breach, watching who is hunting them.

For investigators, the drives seized in Helsinki may matter as much as the charges: devices taken from one member often lead to others. Stokes is presumed innocent, and his case must still go to trial, but the past year has made one thing plain: being young, scattered across borders, and good at talking past a help desk is no longer keeping this crew out of court.



Source link

The Hacker News

The Hacker News

Next Post
Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Unpatched Argo CD Repo-Server Flaw Could Let Attackers Take Over Kubernetes Clusters

Recommended.

Huawei Yenilikçi Ürün Yelpazesiyle Akıllı Teknolojinin Geleceğini Şekillendiriyor

Huawei Yenilikçi Ürün Yelpazesiyle Akıllı Teknolojinin Geleceğini Şekillendiriyor

September 19, 2025
Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

Detour Dog Caught Running DNS-Powered Malware Factory for Strela Stealer

October 3, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio