INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).

Alleged Scattered Spider hacker extradited to US

| 2026-07-02 08:58 CRITICAL MEDIUM
Executive Summary AI-generated
The Scattered Spider hacking collective, a loosely knit group of teenagers and young adults from the United States and Great Britain, has been linked to numerous high-profile breaches, extorting millions of dollars in ransom payments, and disrupting essential operations. With over 100 network intrusions under their belt, they have consistently targeted U.S. companies, causing widespread damage and disruption. Their tactics include social engineering, MFA bombing, SMS credential phishing attacks, and exploiting vulnerabilities to steal sensitive documents and credentials. The group's list of victims includes luxury item retailers, high-profile organizations such as Caesars, MGM Resorts, and Reddit, with some breaches dating back to 2022. Peter Stokes, a dual U.S.-Estonian citizen, has been extradited to the United States to face charges related to his involvement in these hacking collective operations.
Technical Mitigations AI-generated
* Implement multi-factor authentication (MFA) for all users, especially those who access sensitive data or systems. This can include using authenticator apps like Google Authenticator or Authy, and enabling two-factor authentication whenever possible. * Use a reputable antivirus software that includes real-time protection and has been tested by independent labs such as AV-Test.org or VirusTotal.com. * Regularly update operating system (OS) and application versions to ensure you have the latest security patches. This can be done through automatic updates, manual checks for known vulnerabilities, and keeping your OS up-to-date with the latest security fixes. * Use a secure web browser like Tor Browser or Firefox Secure, which has built-in protection against phishing attacks and malware. * Be cautious when clicking on links or downloading attachments from unknown sources. Scammers often use social engineering tactics to trick users into installing malware or revealing sensitive information. Note: These are general recommendations and not specific technical mitigations for the alleged Scattered Spider hacking collective.
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Scattered SpiderScattered Spider RoverRover
Target & Sectors
NORTH_AMERICA NORTH_AMERICA retailretail
Incident Timeline
‎March 2023
Threat actors used Scattered Spider to target an online communication platform when Stokes was 16 years old.
threat_actor Scattered Spider
‎May 2025
Scattered Spider hackers used a blend of social engineering, targeted multi-factor authentication (MFA) bombing and SMS credential phishing attacks to steal user credentials.
threat_actor Scattered Spider
organisation Caesars
organisation MGM Resorts
organisation DoorDash
organisation MailChimp
organisation Allianz Life
organisation Transport for London
organisation Marks & Spencer
organisation Jaguar Land
organisation U.S. Department of Justice
infrastructure Android
organisation Genymobile Android
organisation DragonForce
organisation MFA
organisation SMS
organisation EDR
financial $8 ransom
data_breach 100 gigabytes
financial $2 Entities
‎2025/07/02
Threat actors used Lapsus$ to hack into the email accounts of Scattered Lapsus$ Hunters.
organisation Lapsus$
organisation ShinyHunters
organisation Scattered Lapsus$ Hunters
‎September 2025
Thalha Jubair, a 20-year-old hacker from East London, is wanted in the United States.
target_region United States
‎April 10
Peter Stokes was arrested in Finland on April 10 while attempting to board a flight to Japan.
source_region Jordan
source_region Finland
source_region Japan
‎2026/06/25
The alleged Scattered Spider hacker was extradited to the United States and charged with conspiracy, computer intrusion, and fraud.
target_region United States
threat_actor Scattered Spider
general_metric 100 network intrusions
organisation the Justice Department’s Criminal Division
financial $100 Stolen / Extorted Funds
organisation Transport for London
financial £29 £ estimated
‎June 30
Peter Stokes was arrested in Finland.
source_region Finland
source_region United States
source_region Estonia
‎2026/07/02
The alleged Scattered Spider hacker was extradited to the United States by the FBI.
target_region United States
attribution FBI
attribution the Criminal Division
‎2026/07/02
Noah Michael Urban, a 20-year-old alleged Scattered Spider member, has been extradited to the United States.
threat_actor Scattered Spider
financial $115 victims
organisation The US Justice Department
organisation the Net Closing on
organisation the Jaguar Land
organisation DoJ
financial $8 $ m.
Tactical Metrics
Metrics
infrastructure
‎Android
Affected Product
Metrics
financial
8,000,000
Ransom
Metrics
data_breach
100
Gigabytes
Metrics
financial
2,000,000
Financial Impact
Metrics
financial
100,000,000
Stolen / Extorted Funds
Metrics
financial
115,000,000
Victims
Metrics
financial
29,000,000
£ Estimated
Metrics
financial
8
$ M.
Intelligence Sources
BleepingComputer 2026-07-02
Infosecurity-Magazine 2026-07-02