Blog

UK arrests ‘Scattered Spider’ teens linked to Transport for London hack

2 hours ago
2 minutes read

Two teenagers, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the United Kingdom.

Believed to be members of the notorious Scattered Spider hacking collective, 18-year-old Owen Flowers from Walsall and 19-year-old Thalha Jubair from East London are scheduled to appear at Westminster Magistrates Court today.

Flowers was previously arrested for his alleged involvement in the TfL attack in September 2024, but was released on bail after being questioned by officers of the UK National Crime Agency.

Since then, NCA investigators have found additional evidence potentially linking Flowers to attacks against U.S. healthcare companies.

The two suspects are being prosecuted for computer misuse and fraud-related charges linked to an investigation into the breach of London’s public transportation agency. Additionally, Flowers faces charges for conspiring to attack the networks of SSM Health Care Corporation and Sutter Health in the United States.

“This attack caused significant disruption and millions in losses to TfL, part of the UK’s critical national infrastructure,” said Deputy Director Paul Foster, the head of the NCA’s National Cyber Crime Unit.

“Earlier this year, the NCA warned of an increase in the threat from cyber criminals based in the UK and other English-speaking countries, of which Scattered Spider is a clear example.”

The U.S. Department of Justice also charged Thalha Jubair today with conspiracies to commit computer fraud, money laundering, and wire fraud, in relation to at least 120 network breaches and extortion attacks against 47 U.S. organizations between May 2022 and September 2025.

See also  Desloc D110 Plus review | Digitpatrox

The complaint, filed in the District of New Jersey and unsealed today, alleges that victims have paid Jubair and his accomplices at least $115,000,000 in ransom payments.

The Transport for London cyberattack

TfL disclosed the August 2024 cyberattack on September 2, 2024, stating that it had not found evidence that any customer data was compromised in the breach.

While the attack did not affect London’s transportation services, it did disrupt internal systems and online services, as well as TfL’s ability to process refunds. In a subsequent update, TfL revealed that customer data, including names, contact details, and addresses, had actually been compromised during the incident.

TfL provides transportation services to over 8.4 million Londoners through its surface, underground, and Crossrail transport systems, jointly managed with the UK’s Department for Transport.

In May 2023, TfL was the victim of another security breach after the Clop ransomware gang stole data belonging to over 13,000 customers from one of its suppliers’ MOVEit Managed File Transfer (MFT) servers.

The NCA arrested four other suspected members of the Scattered Spider cybercrime collective in July, believed to be involved in cyberattacks targeting major retailers in the country, including Marks & Spencer, Harrods, and Co-op.


Picus Blue Report 2025

46% of environments had passwords cracked, nearly doubling from 25% last year.

Get the Picus Blue Report 2025 now for a comprehensive look at more findings on prevention, detection, and data exfiltration trends.


Source link

Related posts:

  1. Proton fixes Authenticator bug leaking TOTP secrets in logs
  2. Google is rolling out a fix for Pixel back button issues
  3. Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
  4. Google nukes 224 Android malware apps behind massive ad fraud campaign
See also  iCloud Calendar abused to send phishing emails from Apple’s servers
Tags
2 hours ago
2 minutes read
Back to top button
close