Lewati ke konten
Ravington
Kembali ke berita
Dunia

Scattered Spider Hackers Pled Guilty on the First Day of the Trial

Krebs on Security
WhatsApp

In the United Kingdom, two individuals pled guilty to charges related to the cyberattack that paralyzed London's public transport network in August 2024. As part of the police investigation, 20-year-old Thalha Jubair and 18-year-old Owen Flowers confessed to the crimes of gaining unauthorized access to Transport for London computer systems and creating a risk of serious harm to human welfare. According to information revealed by prosecutors, these two individuals were found to be directly linked to the globally known malicious cyber group called Scattered Spider. By pleading guilty on the first day of a lengthy trial process that could have lasted for weeks, the suspects expedited the case. Authorities emphasized that these types of guilty pleas are a significant step against global cybercrime networks.

According to past news from KrebsOnSecurity, Flowers and Jubair were arrested in the UK in July 2025. Investigations revealed that the Scattered Spider group conducted ransomware attacks against global retail giants such as Marks & Spencer and Harrods. Additionally, the British food retailer Co-op Group was among those affected by these attacks. Intelligence sources confirmed that Flowers was the member who gave interviews to the media without revealing his name following the famous attack the group launched on the MGM Resorts and Caesars Entertainment casinos in Las Vegas in September 2023, which paralyzed their systems. This incident caused a huge public reaction, as it demonstrated that the group not only hacked systems but also preferred to interact using the media. These high-profile attacks exposed the group's global power and how dangerous mobile device-based techniques could be.

A new indictment issued by the US Department of Justice alleges that Thalha Jubair and other Scattered Spider members committed at least 120 distinct network breaches against 47 different American organizations between May 2022 and September 2025. Prosecutors stated that these network intrusions involve very serious crimes including computer fraud, electronic funds fraud, and money laundering, and that victims were forced to pay at least 115 million dollars in ransom. In investigations conducted by New Jersey prosecutors, it was also revealed that Flowers participated not only in the UK attacks but also in a conspiracy targeting US-based healthcare organizations named SSM Health Care Corporation and Sutter Health in September 2024. These comprehensive charges prove that cybercrime groups coordinate their operations on an intercontinental scale. Such global cyber threats, which transcend the borders of the countries where these individuals reside, necessitate cross-border cooperation in international law.

According to the prosecution's claim, Jubair co-administered a heavily active channel called 'Star Chat' operating on Telegram. This channel was used as a hub for a SIM-swapping group that carried out phishing attacks against employees of major wireless communication providers in the US and the UK. Thanks to the compromised credentials, criminals could redirect victims' phone numbers to their own devices and easily intercept calls and messages. This method was particularly effective in stealing one-time passwords sent to bypass multi-factor authentication (MFA) systems. Using these technical skills, the group offered a kind of 'service' and provided other cybercriminals with the opportunity to take over the communication networks of targeted individuals. Because these communication-based attacks directly target the digital security infrastructures of individuals and organizations, they can result in extremely devastating consequences.

New Jersey prosecutors also alleged that Jubair organized a massive SMS phishing campaign targeting employees of hundreds of companies during the summer months. The purpose of these weeks-long attacks, carried out in the summer of 2022, was to steal 'Single Sign-On' (SSO) credentials used to access the organizations' internal networks. This mass phishing operation led to the breach of more than 130 world-renowned organizations, including LastPass, DoorDash, Mailchimp, and Signal, resulting in massive data theft. According to reports, at the age of 15, Jubair had a background of creating fake 'emergency data requests' using stolen police and government email addresses under the alias 'Everlynn'. Through these fake requests, which deceived major technology companies, highly sensitive data such as users' IP addresses and account information were compromised. These developments reveal how the cybercrime world can resort to highly complex and sophisticated methods from a very young age.

Tanya tentang berita ini

Jawaban AI hanya dari berita ini.

Ini ringkasan singkat buatan AI. Artikel lengkap ada di sumbernya.

Baca selengkapnya di sumberkrebsonsecurity.com

Berita ini di sumber lain · 1

Japan

Berita terkait