U.S. and U.K. prosecutors have levied criminal charges against British teenagers Thalha Jubair, 19, and Owen Flowers, 18, for their alleged roles as core members of the prolific cybercrime group Scattered Spider. The group is accused of extorting at least $115 million in ransom payments from numerous corporate victims.

The duo faces accusations related to several high-profile cyberattacks, including breaches at major U.K. retailers, Transport for London, and the disruptive 2023 ransomware incidents that hit Las Vegas casinos MGM Resorts and Caesars Entertainment.

A Prolific Cybercrime History

According to court documents, Jubair has an extensive history in cybercrime, operating under aliases like “EarthtoStar” and “Operator.” He is also alleged to have been a key member of the infamous LAPSUS$ data extortion group, which targeted tech giants like Microsoft, Okta, and Nvidia. Prosecutors connect Jubair to a wide range of criminal activities, including a massive 2022 SMS phishing campaign (known as 0ktapus) that compromised over 130 organizations, as well as running a prolific SIM-swapping service that frequently targeted T-Mobile employees to gain access to customer accounts.

From Digital Crimes to Real-World Threats

The investigation revealed that the group’s activities extended beyond digital extortion. Jubair is accused of using online channels to solicit “violence-as-a-service,” including a post seeking individuals to conduct a home invasion against a sitting U.S. federal prosecutor. Authorities were able to trace a portion of the ransom payments to a server controlled by Jubair, where they seized $36 million in cryptocurrency. The digital trail led directly to him after funds were used to purchase gift cards for food deliveries to his apartment and to fund his personal gaming accounts.