Four Scattered Spider Members Charged by UK Authorities in Ransomware Case

Published
Written by:
Lore Apostol
Lore Apostol
Cybersecurity Writer

Four individuals associated with the Scattered Spider ransomware group have been charged in the U.K. The accused, aged 17 to 20, were apprehended following investigations into high-profile data theft and extortion attacks. 

Authorities have linked the group to breaches involving prominent retailers such as Marks & Spencer, Harrods, and Co-op Group, as well as various airlines. The arrests, conducted by the UK’s National Crime Agency (NCA), include two males aged 19, another aged 17, and a 20-year-old female.

One suspect, identified as Owen David Flowers who allegedly went by the hacker handles “bo764,” “Holy,” and “Nazi,” reportedly played a key role in the MGM attack. Flowers was the group member who anonymously gave interviews to the media in the days after the MGM hack, sources told KrebsOnSecurity.

In March 2022, the leader of the LAPSUS$ data extortion group exposed Thalha Jubair’s name and hacker handles in a public chat room on Telegram
In March 2022, the leader of the LAPSUS$ data extortion group exposed Thalha Jubair’s name and hacker handles in a public chat room on Telegram | Source: KrebsOnSecurity

Another, 19-year-old Thalha Jubair, who is believed to have used the nickname “Earth2Star,” which corresponds to a founding member of the cybercrime-focused Telegram channel “Star Fraud Chat,” has a known history of orchestrating cyber intrusions under various aliases, including roles in earlier incidents involving the LAPSUS$ extortion group. 

The gang stole data from tech giants, including Microsoft, Nvidia, Okta, Rockstar Games, Samsung, T-Mobile, and Uber, in 2022.

In April, a 20-year-old who is believed to be a member of the notorious Scattered Spider threat actor pleaded guilty in court, while five other individuals were arrested in November 2024. In July 2024, a 17-year-old boy from Walsall was arrested, and the FBI detained a 22-year-old SIM swapper operating under the alias ‘Tyler,’ who was believed to be the Scattered Spider leader.

Scattered Spider, an English-speaking cybercrime group, has developed a reputation for its adept use of social engineering techniques. 

The group frequently impersonates employees or contractors to deceive IT help desks into granting unauthorized access to infiltrate networks, steal sensitive data, and deploy ransomware to extort their victims.  

The NCA’s action disrupted the group’s current operations due to these arrests, but the Scattered Spider ransomware group’s prolific activities suggest that organizations must prioritize social engineering defenses, including employee training on phishing tactics and access verification procedures.


For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: