- Authorities arrested two alleged members of the Scattered Spider hacking group in the U.K. for cyber attacks on Transport for London (TfL).
- Thalha Jubair and Owen Flowers face multiple charges in the U.K. and the U.S. for conspiracy, fraud, and money laundering.
- Flowers allegedly targeted U.S. healthcare companies, while Jubair faces accusations involving more than 120 network intrusions and at least $115 million in ransom payments.
- The attacks disrupted critical services, including the U.S. federal court system, and led to the seizure of digital assets worth $36 million.
- The U.S. Department of Justice states Jubair could receive up to 95 years in prison if convicted.
Law enforcement in the United Kingdom arrested two teenagers, believed to be members of the Scattered Spider hacking group, on charges related to a major cyber attack against Transport for London (TfL) in August 2024. The individuals arrested are Thalha Jubair, 19, from East London, and Owen Flowers, 18, from Walsall, West Midlands. The National Crime Agency (NCA) announced that officers detained both suspects at their homes.
According to authorities, the attack caused severe disruption and financial losses for TfL. Deputy Director Paul Foster of the NCA stated, “This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure.” The NCA also found evidence of Flowers attacking U.S. healthcare companies and charged him with conspiring to infiltrate the networks of SSM Health Care Corporation and Sutter Health.
Jubair is also accused of failing to provide device access credentials as required by law. In addition, the U.S. Department of Justice (DoJ) has charged him with conspiracy to commit computer fraud, wire fraud, and money laundering after conducting at least 120 network breaches and extorting 47 organizations between May 2022 and September 2025. The DoJ says these attacks often used social engineering—tricking people into giving up sensitive information—to breach targets, followed by data theft and ransom demands.
Victims paid at least $115 million in ransoms. The DoJ reported that the group’s activities affected U.S. critical infrastructure and the federal court system. In July 2024, law enforcement seized cryptocurrency wallets from a server allegedly managed by Jubair and confiscated digital assets totaling around $36 million. The agency also linked about $8.4 million in victim proceeds to Jubair.
Jubair faces several charges in the U.S., including conspiracy and multiple counts of fraud and money laundering. If convicted, he could be sentenced to a maximum of 95 years in prison. Acting U.S. Attorney Alina Habba said, “Jubair went to great and sophisticated lengths to keep himself anonymous while he and his criminal associates continued to attack these victims and extort tens of millions of dollars in ransom payments,” according to the official statement.
Jubair has also been charged under the Regulation of Investigatory Powers Act for not handing over device passwords during a March 2025 seizure. Flowers was previously released on bail but later faced further charges based on new evidence found by the NCA.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Sky warns MKR holders: convert to SKY or face mounting penalties
- XRP and Dogecoin ETFs Make Record-Breaking Debut on CBOE
- Shiba Inu Down 38% YTD, Lags Major Cryptos in Four-Year Gains
- EU Eyes Pension, Crypto Oversight Reforms in Year-End Initiative
- Dogecoin, XRP ETFs Smash Debut Volume, Top $54.7M in Trades
