UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London
September 19, 2025
U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London.
U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with their role in the cyber attack that hit Transport for London (TfL).
Transport for London (TfL) is a local government body responsible for most of the transport network in London, United Kingdom. In August 2024, a cyber attack hit the organization.
The two suspects are Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, from East London and Owen Flowers, 18, from Walsall, West Midlands. The National Crime Agency (NCA) arrested both at their home addresses on Tuesday.
“Two men have been charged as part of the National Crime Agency investigation into a cyber attack on Transport for London (TfL).” reads the NCA announcement. “TfL was subject of a network intrusion on 31 August 2024, which investigators believe was carried out by members of the online criminal collective known as Scattered Spider.”
Both are charged with conspiring together to commit unauthorised acts against TfL, under the Computer Misuse Act.
On 6 September 2024, UK authorities initially charged Flowers for conspiring to attack US healthcare networks, while Jubair was also charged with conspiring with others to infiltrate and damage the networks of SSM Health Care Corporation and attempting to do the same to Sutter Health’s networks, both based in the US.
“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure.” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said.
“Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”
“The NCA, UK policing and our international partners, including the FBI, are collectively committed to identifying offenders within these networks and ensuring they face justice.”
Flowers and Jubair stay in custody, set to appear at Southwark Crown Court on October 16, 2025; Jubair faces additional RIPA charges.
The DOJ announced that Jubair faces charges in New Jersey for conspiracies to commit computer fraud, wire fraud, and money laundering, linked to at least 120 network intrusions and extortion targeting 47 U.S. entities. Victims reportedly paid over $115 million in ransom. Jubair allegedly acted with the Scattered Spider group, executing sophisticated attacks that disrupted businesses, critical infrastructure, and federal courts.
“Portions of the ransom payments from at least five victims were sent to wallets on a server controlled by Jubair. In July 2024, while law enforcement was seizing that server — including successfully seizing cryptocurrency worth approximately $36 million at the time of the seizure — Jubair transferred a portion of cryptocurrency that originated from one of the victims, worth approximately $8.4 million at the time, to another wallet.” reads the DoJ. “The charges arise out of an investigation into a cyber threat group that has been referred to as “Scattered Spider,” “Octo Tempest,” “UNC3944,” and/or “0ktapus.” Scattered Spider has targeted victims throughout the United States, including in New Jersey.”
Authorities emphasize the growing threat of cybercriminals and highlight the relentless investigation that exposed Jubair despite his attempts to remain anonymous, demonstrating a firm commitment to bringing cybercriminals to justice worldwide.
“Today’s charges make it clear that no cybercriminal is beyond our reach,” said Assistant Director Brett Leatherman of the FBI’s Cyber Division. “If you attack American companies or citizens, we will find you, we will expose you, and we will seek justice. The FBI continues to deploy every investigative and technical resource available to dismantle criminal cyber networks and hold their members accountable. This means working with trusted international partners like the UK’s National Crime Agency, the West Midlands Police, and the City of London Police, as well as utilizing the capabilities of our state and local partners, who are valued members of FBI’s Cyber Task Forces.”
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, Scattered Spider)
