A London teenager is facing a maximum 95 years in prison for allegedly calling company help desks and convincing employees to reset passwords in a massive campaign to steal data and hold it for ransom. All told, the scheme allegedly extorted 47 unnamed U.S. entities and hit at least 120 computer networks—including the U.S. federal court system. Payments from victims totaled $115 million, prosecutors from the Department of Justice said.
A complaint unsealed in New Jersey this week charged Thalha Jubair, 19, with computer and wire fraud, and three counts of conspiracy charges. Authorities claim Jubair was allegedly part of the malicious hacking group known as “Scattered Spider,” from May 2022 to September 2025. Jubair allegedly used aliases including “Austin,” “Brad” and “EarthtoStar” in his role with the group, which could have begun when he was as young as 15 or 16. The complaint lists 47 unnamed companies in the U.S. as victims, including airlines, manufacturers, retailers, five tech companies, three financial services firms, and dozens of others. The U.S. federal court system was also allegedly targeted in the scheme, the complaint states.
The operation was multi-faceted, according to law enforcement. Jubair and other unnamed conspirators allegedly contacted company help desks and convinced representatives to reset other users’ passwords multiple times in addition to allegedly running password cracking software. Once successfully inside the company networks, the alleged hackers were able to encrypt or steal data and threaten to delete or publish it unless executives agreed to pay ransom. Prosecutors claim portions of payments from the victim companies were traced to a server allegedly controlled by Jubair. The financial services firms allegedly each paid $25 million and $36.2 million in Bitcoin in 2023—the highest payments listed in the complaint.
On Jan. 8, 2025, Jubair allegedly contacted the U.S. Courts network help desk and tricked a representative into resetting another person’s password, and then used it to take over two other accounts, including one belonging to a federal magistrate judge. Once Jubair and others allegedly gained access to the judge’s email, they searched the inbox for the terms “subpoena,” “scattered spider,” and the name of another alleged hacker facing charges. A second judge who had presided over a case involving an alleged conspirator in the Scattered Spider scheme was also targeted, the complaint states. Jubair and others allegedly stole 18 megabytes of data including thousands of names of Court employees, job titles, work locations, and usernames, and cellphone numbers.
Jubair could not be reached for comment.
“Jubair is alleged to have participated in a sweeping cyber extortion scheme carried out by a group known as Scattered Spider, which committed at least 120 attacks worldwide and resulted in over $115 million in ransom payments from victims,” said acting Assistant Attorney General Matthew R. Galeotti of the Department of Justice. “These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals.”
The U.K.’s National Crime Agency (NCA) and City of London Police arrested Jubair at his home address in East London this week, according to the NCA. A second teen, Owen Flowers, 18, of West Midlands in the U.K., was also arrested at home, the NCA announced. The two teenagers were separately charged for an August 2024 attack on Transport for London, a government agency that oversees trains, buses, taxis, and the London Underground.
According to the NCA, Jubair and Flowers appeared in Westminster Magistrates Court this week, where Flowers was separately charged with conspiring to damage SSM Health Care Corporation and Sutter Health, which are U.S. companies. Jubair was charged for failing to disclose pins or passwords for his seized devices. Both were remanded into custody in the UK. SSM and Sutter Health did not immediately respond to a request for comment.
“The arrest of Thalha Jubair underscores an undeniable truth: no matter how elusive or destructive these cyber-criminal syndicates are, we will continue to pursue those who allegedly extort our businesses and ensure they are held accountable,” said FBI Special Agent in Charge Stefanie Roddy in a statement. “[C]harges in both the U.S. and U.K. reflect extraordinary coordination with our foreign and industry partners and mark a decisive victory against cybercriminal gangs who thought they could cripple American industries, inflict hundreds of millions in losses, and hide behind a screen without consequence. The FBI remains relentless in protecting Americans and American businesses—detecting, deterring and diminishing the impact of cyber-criminal gangs.”
