The U.S. Department of Justice has unveiled federal charges against a British teenager, Thalha Jubair, who is alleged to have participated in more than 120 cyberattacks. These attacks reportedly targeted various entities, including the U.S. Courts system, and involved extortion attempts against numerous American companies.
Jubair, aged 19, was apprehended at his residence in East London earlier this week, as confirmed by a statement from the National Crime Agency. He made a court appearance alongside another teenager, Owen Flowers, 18, both facing accusations related to a cyberattack on Transport for London in 2024. This incident not only compromised sensitive data but also triggered a prolonged recovery process for the public transit authority.
The National Crime Agency has attributed the cyber intrusion on the London transit system’s IT infrastructure to a group known as Scattered Spider, which has gained notoriety for its audacious hacking endeavors.
Following their arrest, both Jubair and Flowers are scheduled to return to court for further proceedings, as reported by various news outlets.
Scattered Spider is recognized as a collective of financially motivated cybercriminals, primarily consisting of teenagers and young adults. They have been dubbed “advanced persistent teenagers” due to their adeptness in executing repeated cyberattacks. Their modus operandi often involves employing straightforward social engineering tactics, such as impersonating employees to gain access to sensitive information.
This group is also known for its connections within a broader cybercrime community, referred to as “the Com,” which sometimes resorts to real-world threats and violence, including swatting incidents.
In a separate set of federal charges filed in New Jersey, U.S. prosecutors have indicated that Jubair faces additional allegations of computer hacking, extortion, and money laundering. These charges stem from a series of hacks that reportedly resulted in corporate victims paying over $115 million in ransom.
According to the FBI’s criminal complaint, in July 2024, authorities seized servers believed to be operated by Jubair, uncovering evidence of his involvement in hacking at least 120 companies, including 47 based in the United States.
Prosecutors allege that Jubair utilized social engineering techniques to infiltrate corporate networks, steal internal data, and encrypt victim servers, subsequently extorting them for ransom to regain access to their files.
Among the victims was a critical infrastructure company located in New Jersey. The FBI discovered substantial evidence on Jubair’s servers, including over a gigabyte of data stolen from this company, along with browsing history indicating unauthorized access to its servers.
Another notable breach attributed to Jubair involved unauthorized access to the U.S. Courts system. In January 2025, Jubair and his associates allegedly contacted the help desk of the U.S. Courts to gain access to multiple user accounts, including one belonging to a federal magistrate judge, in search of information related to Scattered Spider.
Utilizing one of the compromised accounts, the hackers submitted an emergency information disclosure request to a financial services provider, a tactic commonly employed to deceive companies into releasing user information under the guise of a legitimate legal request.
The FBI has stated that Jubair’s seized server was used to conduct searches related to the U.S. Courts hack and to send the emergency request to the financial institution.
Reports indicate that the Scattered Spider hackers infiltrated the U.S. Courts system to seek information about the group's activities, including the sealed indictment of one of its previously convicted members.
At the time of the seizure, Jubair’s servers allegedly contained a cryptocurrency wallet holding approximately $36 million, much of which can be traced back to ransom payments made by victimized companies. However, the FBI claims that Jubair transferred around $8.4 million from the wallet just as they were taking control of the server.
It remains uncertain whether the Department of Justice intends to pursue Jubair’s extradition, as no immediate comments have been made by a DOJ spokesperson.