UK National Charged in Connection with Scattered Spider Attacks on Critical Infrastructure
Published
- Scattered Spider member charges: Thalha Jubair is charged with involvement in at least 120 network intrusions and cyber extortion schemes.
- Cyberattacks scale: The attacks targeted over 45 U.S. entities, resulting in over $115 million in ransom payments.
- The arrest: The individual was arrested in the U.K. this year as part of a coordinated law enforcement action.
A United Kingdom national has been charged in the United States for his alleged involvement in widespread cyber extortion conspiracies targeting U.S. entities, including critical infrastructure. The complaint details his connection to the prolific threat actor group known as Scattered Spider.
Allegations and Scattered Spider TTPs
Thalha Jubair, 19, also known by aliases such as "EarthtoStar" and "@autistic," is accused of conspiring with others to execute at least 120 network intrusions targeting at least 47 U.S. entities from May 2022 to September 2025.
According to the complaint, unsealed in the District of New Jersey, these cyberattacks generated over $115 million in ransom payments from victims. The ransomware group, tracked as Scattered Spider, Octo Tempest, or UNC3944, allegedly utilized social engineering techniques to gain unauthorized access to corporate networks.
“As alleged by the complaint, Jubair went to great and sophisticated lengths to keep himself anonymous while he and his criminal associates continued to attack these victims and extort tens of millions of dollars in ransom payments,” said Alina Habba, Acting U.S. Attorney and Special Attorney for the District of New Jersey.
The charges specifically mention Jubair's participation in attacks on a U.S.-based critical infrastructure company and the U.S. Courts system in late 2024 and early 2025. Authorities also allege that Jubair conspired to launder the proceeds of these criminal activities.
“The arrests of Scattered Spider members in the UK represent a significant blow to one of the most disruptive eCrime groups operating today,” said Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, who estimates that this action will likely degrade the threat actor’s operations in the near future.
Since emerging in 2022, Scattered Spider has focused on ransomware and extortion campaigns. Authorities have linked the group to breaches involving prominent retailers and airlines.
International Law Enforcement and Cybercrime Charges
The investigation highlights significant international cooperation. U.K. authorities arrested Jubair in connection with a separate investigation into a computer intrusion that targeted U.K. critical infrastructure.
During the seizure of a server controlled by Jubair, law enforcement successfully recovered cryptocurrency worth approximately $36 million. Jubair is charged with computer fraud conspiracy, wire fraud conspiracy, and money laundering conspiracy, facing a maximum penalty of 95 years in prison if convicted.
These cybercrime charges underscore a global commitment to dismantling sophisticated cybercriminal operations and holding perpetrators accountable for attacks on critical infrastructure.
“This isn’t just about arrests — it demonstrates the impact of strong public-private collaboration — when law enforcement and industry share intelligence and act decisively, we can disrupt operations that are inflicting real damage on global businesses,” added Meyers.
In August, Scattered Spider hacker Noah Michael Urban was sentenced to 10 years in prison in the U.S. In July, CISA released an advisory with updates on Scattered Spider enhanced TTPs, which include possible DragonForce Ransomware deployment.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular