Federal prosecutors have recently filed charges against 19-year-old Thalha Jubair, a British national from London, for his alleged involvement in a string of cyberattacks that extorted more than $115 million from American companies and government agencies. The complaint, which was unsealed in the District of New Jersey, accuses Jubair of leading a hacker collective known as Scattered Spider, responsible for carrying out various computer intrusions across the United States. These attacks disrupted critical services, including parts of the federal court system, and forced victims to pay ransoms to regain access to compromised systems.
Jubair’s arrest, along with another suspect, was made by U.K. authorities on September 16 in a separate case involving attempted intrusions into U.K. critical infrastructure. This demonstrates the transnational footprint of the group involved. The coordinated operation leading to Jubair’s arrest was conducted by the FBI’s Newark Field Office, with the support of the U.K. National Crime Agency, City of London Police, West Midlands Police, and international partners in the Netherlands, Romania, Canada, and Australia.
Assistant Director Brett Leatherman of the FBI’s Cyber Division emphasized that no cybercriminal is beyond the reach of law enforcement, showcasing the collaborative efforts that led to the apprehension of Jubair.
Scattered Spider, also known by aliases such as Octo Tempest, UNC3944, and 0ktapus, is recognized as one of the most aggressive cybercrime syndicates in recent years. The group is notorious for employing sophisticated social engineering tactics to impersonate employees, manipulate IT help desks, and infiltrate corporate systems.
Jubair, who used various online handles including “EarthtoStar,” “Brad,” “Austin,” and @autistic, reportedly worked with other members of the group to compromise networks, extract or encrypt sensitive data, and demand ransoms in exchange for secrecy or system restoration. Between 2022 and 2025, the group allegedly conducted at least 120 intrusions, targeting 47 U.S. organizations, and collecting over $115 million in ransom payments.
Investigators were able to trace portions of the ransom funds to cryptocurrency wallets controlled by Jubair. In July 2024, U.S. law enforcement seized approximately $36 million in digital assets linked to the group. During the same period, prosecutors allege that Jubair attempted to transfer $8.4 million to another wallet, further implicating him in the laundering of illicit proceeds.
The indictment against Jubair includes charges of conspiracy to commit computer fraud, two counts of computer fraud, conspiracy to commit wire fraud, two counts of wire fraud, and conspiracy to commit money laundering. If convicted on all counts, he could face a maximum sentence of 95 years in prison.
The arrest of Thalha Jubair sheds light on the increasing centrality of cryptocurrencies in cybercrime activities. In the first eight months of 2025 alone, hackers have managed to steal over $3 billion through 119 incidents, surpassing the total losses of 2024. Criminals are now able to launder stolen funds within seconds, outpacing the detection capabilities of most exchanges.
August 2025 was the third-worst month on record for crypto security, with hackers stealing $163 million across 16 cases. Governments are responding by ramping up oversight, with the UK and U.S. preparing a joint framework on digital assets. The New York Department of Financial Services has directed banks to integrate blockchain analytics into compliance programs to identify wallet risks.
In response to the escalating threat, major players in the cryptocurrency industry have launched the Beacon Network, a real-time crime response system designed to freeze illicit funds before they can be withdrawn. This initiative, backed by TRM Labs and federal agencies, aims to disrupt the $47 billion annual crypto crime economy.
As cybercriminals continue to move stolen funds at an alarming rate, the collaboration between industry stakeholders and regulators becomes crucial in combating these illicit activities. The race between hackers and authorities is intensifying, underscoring the need for proactive measures to enhance cybersecurity and protect the integrity of digital assets.

