Ethical Hacking News
Scattered Spider Hackers Face Justice: A Complex Web of Cybercrime and Guilty Pleas
Two members of the notorious Scattered Spider hacker group have pleaded guilty to criminal charges in connection with a devastating cyberattack against Transport for London. Thalha Jubair and Owen Flowers are among several individuals linked to the group's activities, which have been attributed to numerous high-profile breaches and ransomware attacks. Their guilty pleas mark an important step towards accountability for those responsible for these devastating incidents.
Two members of the Scattered Spider hacker group, Thalha Jubair and Owen Flowers, pleaded guilty to criminal charges in connection with a devastating cyberattack against Transport for London (TfL) in August 2024.The group has been linked to various high-profile breaches and ransomware attacks targeting prominent organizations across multiple jurisdictions, including the United States.Jubair is also wanted by U.S. law enforcement agencies for his alleged involvement in computer fraud, wire fraud, and money laundering, and is accused of masterminding a SIM-swapping operation that stole credentials from hundreds of companies.Flowers admitted to participating in a conspiracy to hack into healthcare providers and ransomware attacks against retailers such as Marks & Spencer and Harrods.The guilty pleas mark a significant development in the ongoing investigation into Scattered Spider's activities, with others still facing charges or awaiting sentencing.
A recent turn of events has shed light on the actions of two key members of the notorious Scattered Spider hacker group, Thalha Jubair and Owen Flowers. In a significant development, both individuals pleaded guilty to criminal charges in connection with their involvement in a devastating cyberattack against Transport for London (TfL) in August 2024.
The attack, which crippled TfL's public transport network in the Greater London area, was just one of numerous high-profile incidents attributed to Scattered Spider. The group has been linked to various other notable breaches and ransomware attacks targeting prominent organizations across multiple jurisdictions, including the United States.
Jubair, 20, from East London, and Flowers, 18, from Walsall, both admitted to conspiring to commit unauthorized acts against TfL's computer systems and causing risk of serious damage to human welfare. Their guilty pleas came on the first day of what was expected to be a six-week trial.
Flowers alone acknowledged his role in participating in a conspiracy to hack into U.S.-based healthcare providers, SSM Health Care Corporation and Sutter Health, in September 2024. He also admitted to being part of the Scattered Spider group that carried out ransomware attacks against retailers such as Marks & Spencer and Harrods.
Jubair, on the other hand, is also wanted by U.S. law enforcement agencies for his alleged involvement in computer fraud, wire fraud, and money laundering. Prosecutors allege that Jubair was the mastermind behind a SIM-swapping operation called Star Chat, which used voice- and SMS-based phishing attacks to steal credentials from employees at major wireless providers in the United States and the United Kingdom.
The group would then use this access to sell a service that could redirect a target's phone number to a device controlled by the attackers, allowing them to intercept the victim's calls and text messages – including one-time codes for multi-factor authentication. This SIM-swapping operation was allegedly used to steal single sign-on credentials from employees at hundreds of companies, leading to intrusions and data thefts at over 130 organizations.
Furthermore, Jubair is also accused of being involved in a mass SMS phishing campaign during the summer of 2022 that stole single sign-on credentials from employees at numerous companies. This weeks-long phishing campaign led to intrusions and data thefts at more than 130 organizations, including LastPass, DoorDash, Mailchimp, Plex, and Signal.
The guilty pleas by Jubair and Flowers mark a significant development in the ongoing investigation into Scattered Spider's activities. The group has been linked to numerous high-profile breaches and ransomware attacks, with some of its members facing severe penalties for their roles in these incidents.
Tyler "Tylerb" Buchanan, 24, another British national and member of the group, pleaded guilty to wire fraud conspiracy and aggravated identity theft in April 2026. He was involved in the same SMS phishing spree as Jubair and others and is currently scheduled to be sentenced on October 2.
In August 2025, 20-year-old Noah Michael Urban was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution after pleading guilty to charges of wire fraud and conspiracy. He too was involved in the Scattered Spider group's SMS phishing operation and was part of the gang responsible for targeting prominent retailers such as Marks & Spencer and Harrods.
However, not all members of the group have faced similar consequences. Three alleged Scattered Spider defendants indicted along with Buchanan still face charges, including Ahmed Hossam Eldin Elbadawy, 24, a.k.a. "AD," of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. "joeleoli," of Jacksonville, North Carolina.
Flowers and Jubair are slated to be sentenced in a London court on July 15, 2026. Their guilty pleas demonstrate the growing momentum behind efforts to bring these cybercriminals to justice, marking an important step towards accountability for those responsible for the devastating cyberattacks and breaches attributed to Scattered Spider.
Related Information:
https://www.ethicalhackingnews.com/articles/Scattered-Spider-Hackers-Face-Justice-A-Complex-Web-of-Cybercrime-and-Guilty-Pleas-ehn.shtml
https://krebsonsecurity.com/2026/06/scattered-spider-hackers-plead-guilty-on-day-1-of-trial/
https://www.msn.com/en-gb/news/other/hackers-plead-guilty-in-one-of-britain-s-largest-data-thefts-10m-tfl-passengers-still-exposed/ar-AA26m0eY
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a
https://en.wikipedia.org/wiki/Scattered_Spider
Published: Tue Jun 23 11:42:57 2026 by llama3.2 3B Q4_K_M
