Bleeping Computer

US reportedly charges Scattered Spider hacker arrested in Finland


A 19-year-old dual United States and Estonian citizen arrested in Finland earlier this month faces federal charges in the U.S. alleging he was a prolific member of the notorious Scattered Spider hacking collective.

According to temporarily unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped extort millions of dollars from multiple large corporations worldwide.

The suspected Scattered Spider member, who was allegedly arrested by Finnish law enforcement at Helsinki’s airport on April 10 while attempting to board a flight to Japan, is facing wire fraud, conspiracy, and computer intrusion charges.


In a six-count complaint filed under seal in December, prosecutors say that Bouquet was involved in at least four Scattered Spider breaches (including a March 2023 hack of an online communication platform, conducted when he was 16 years old) that forced the victim companies to pay millions of dollars in ransoms.

The list of companies breached with Bouquet’s help also includes an unnamed multibillion-dollar “luxury item retailer” in May 2025, when the hackers allegedly called the company’s IT helpdesk posing as employees to reset authentication credentials, then gained access to administrator accounts.

The group later sent a ransom demand, claiming to have 100 gigabytes of stolen data, and eventually demanded $8 million. Although the company refused to pay, it still incurred more than $2 million in disruption and remediation costs.

BleepingComputer reached out to the Department of Justice and the Office of the Attorney General for more details, but a response was not immediately available.

The Scattered Spider cybercrime collective

Scattered Spider (also tracked as 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra) surfaced in 2022 and is a loosely knit, financially motivated hacking collective composed largely of teenagers and young adults from the U.S. and Great Britain.

According to the FBI, they are known for using a blend of social engineering, targeted multi-factor authentication (MFA) bombing (aka MFA fatigue), and SMS credential phishing attacks to steal user credentials and sensitive documents for extortion leverage after breaching their targets’ networks.

Scattered Spider’s list of victims includes many high-profile companies, such as Caesars, MGM Resorts, Riot Games, MailChimp, Twilio, DoorDash, Reddit, Allianz Life, UK retailers Co-op, Marks & Spencer (M&S), and Harrods, and, more recently, WestJet and Jaguar Land Rover (JLR).

Earlier this month, 24-year-old Tyler Robert Buchanan, believed to be one of Scattered Spider’s leaders, pleaded guilty in the United States to charges of wire fraud and aggravated identity theft.
