The US Justice Department accused a British teenager on Thursday of engaging in a yearslong spree of cyberattacks that targeted 47 American organizations and netted more than $100 million in ransom payments.
Thalha Jubair, 19, from London, participated in a conspiracy to commit computer fraud, wire fraud, and money laundering in relation to at least 120 computer network intrusions between May 2022 to as recently as September 2025, according to a complaint filed Thursday by federal prosecutors in New Jersey.
The charges are a result of a nationwide investigation into a cybercrime group referred to as Scattered Spider, according to Alina Habba, acting US Attorney and Special Attorney for the District of New Jersey.
Jubair went by the names “EarthtoStar,” “Brad,” “Austin,” and “@autistic,” on Telegram and social media, according to the complaint. The US accused him of using social engineering techniques to gain access to companies’ computer networks, steal and encrypt their data and demand ransom payments for that information’s safe return.
No victim organizations were named in the indictment, but the charges state that Jubair gained access to the networks of a “US based critical infrastructure company” in October 2024 and “the US courts” in January.
“The arrest of Thalha Jubair underscores an undeniable truth: no matter how elusive or destructive these cyber-criminal syndicates are, we will continue to pursue those who allegedly extort our businesses and ensure they are held accountable,” said Stefanie Roddy, Special Agent in Charge for the FBI.
In separate charges, British prosecutors on Thursday charged Jubair and another man over a cyberattack that disrupted London’s transport network for several weeks last year.
Jubair and Owen Flowers, 18, from Walsall, West Midlands, were arrested following a lengthy investigation into the hack on Transport for London, or TfL, the National Crime Agency said in a statement Thursday.
TfL runs much of London’s rail, underground and bus services. The hack on its network, beginning on Aug. 31, 2024, didn’t shut down transport in the city, but it did disrupt millions of travelers’ ability to pay for some services and access information online. The National Crime Agency said the cyberattack was carried out by members of the Scattered Spider group and that it caused millions of pounds in losses to the organization.
UK prosecutors said that Flowers and Jubair would face computer misuse and fraud-related charges. Both appeared at London’s Westminster Magistrates Court on Thursday and were remanded in custody pending their next hearing on Oct. 16.
Attorneys for both men declined to comment.
“Our prosecutors have worked to establish that there is sufficient evidence to bring the case to trial and that it is in the public interest to pursue criminal proceedings,” said Hannah von Dadelszen, the Crown Prosecution Service’s chief crown prosecutor.
In addition to the charges concerning TfL, Flowers was charged by British prosecutors with alleged involvement in attacks that targeted US health-care companies SSM Health Care Corporation and Sutter Health. Jubair has been charged with a separate offense for allegedly failing to disclose the pin code or passwords for devices seized from him.
Paul Foster, head of the National Crime Agency’s Cyber Crime Unit, said the charges were the result of a “lengthy and complex” investigation.
“Earlier this year, the NCA warned of an increase in the threat from cybercriminals based in the UK and other English-speaking countries,” said Foster in a statement.
Photo: (Photo by Ed Ram/Getty Images)
Was this article valuable?
Here are more articles you may enjoy.
Reuters: AI Chatbots Were Happy to Help Craft a Phishing Scam 
Hurricane Forecasts Are Missing the Mark as the Atlantic Stays Calm — So Far 
Two High-Profile Personal Injury Law Firms Sue… Each Other 
Insurers Lose Bid to Appeal London Judgment Over Jets Lost in Russia 
