Two males pleaded responsible in the UK this week to legal expenses stemming from an August 2024 cyberattack that crippled Transport for London<\/strong>, the entity accountable for the general public transport community within the Larger London space. The duo have been key members of a prolific cybercrime group generally known as Scattered Spider<\/strong>, and their responsible pleas got here on the primary day of what was anticipated to be a six-week trial.<\/p>\n Owen Flowers (left) 18, and Thalha Jubair, 20. Picture: UK Nationwide Crime Company (NCA).<\/p>\n<\/div>\n Thalha Jubair<\/strong>, 20, of East London and 18-year-old Owen Flowers<\/strong> of Walsall admitted conspiring to commit unauthorized acts towards Transport for London pc methods and inflicting danger of significant harm to human welfare. In response to a report<\/a> from the BBC, Flowers alone admitted to being a part of a conspiracy to hack into U.S. primarily based healthcare suppliers SSM Well being Care Company and Sutter Well being in September 2024.<\/p>\n Jubair can also be needed by U.S. legislation enforcement businesses. In September 2025, prosecutors in New Jersey unsealed an indictment<\/a> alleging Jubair and different Scattered Spider members dedicated pc fraud, wire fraud, and cash laundering in relation to 120 pc community intrusions involving 47 U.S. entities between Might 2022 and September 2025, and that the group\u2019s victims paid no less than $115 million in ransom funds.<\/p>\n In July 2025, KrebsOnSecurity reported<\/a> that Flowers and Jubair have been arrested in the UK in reference to Scattered Spider ransom assaults<\/a>\u00a0towards the retailers\u00a0Marks & Spencer<\/strong>\u00a0and\u00a0Harrods<\/strong>, and the British meals retailer\u00a0Co-op Group<\/strong>. A number of sources aware of these investigations mentioned Flowers was the Scattered Spider member who anonymously gave interviews to the media<\/a> within the days after the group\u2019s September 2023 ransomware assaults disrupted operations at Las Vegas casinos operated by MGM Resorts<\/strong>\u00a0and\u00a0Caesars Leisure<\/strong>.<\/p>\n In response to prosecutors, Jubair co-ran a bustling Telegram channel known as Star Chat<\/strong>, the house of a SIM-swapping<\/a> group that used voice- and SMS-based phishing assaults to steal credentials from staff on the main wi-fi suppliers within the U.S. and U.Ok. The group would then use that entry to promote a service that would redirect a goal\u2019s telephone quantity to a tool the attackers managed and intercept the sufferer\u2019s calls and textual content messages (together with one-time codes for multi-factor authentication).<\/p>\n A receipt from Star Fraud Chat\u2019s SIM-swapping service focusing on a T-Cellular buyer after the group gained entry to inside T-Cellular worker instruments. \u201cRocket Ace\u201d was one in all Jubair\u2019s hacker handles, in keeping with U.S. prosecutors.<\/p>\n<\/div>\n New Jersey prosecutors additionally allege Jubair additionally was concerned in a mass SMS phishing marketing campaign in the course of the summer time of 2022<\/a> that stole single sign-on credentials from staff at a whole bunch of corporations.\u00a0That weeks-long SMS phishing marketing campaign led to intrusions and knowledge thefts at greater than 130 organizations, together with LastPass<\/strong>,\u00a0DoorDash<\/strong>,\u00a0Mailchimp<\/strong>,\u00a0Plex<\/strong>\u00a0and\u00a0Sign<\/strong>.<\/p>\n KrebsOnSecurity reported final 12 months that one in all Jubair\u2019s alter egos at age 15 was \u201cEverlynn<\/strong>,\u201d a hacker who bought fraudulent \u201cemergency knowledge requests\u201d<\/a> that used compromised police and authorities electronic mail addresses to demand subscriber knowledge (e.g. username, IP\/electronic mail deal with) from main tech corporations, claiming the requests involved pressing issues of life and demise and couldn’t watch for a courtroom order.<\/p>\n In April 2026, 24-year-old British nationwide and Scattered Spider member Tyler \u201cTylerb\u201d Buchanan<\/strong> pleaded responsible<\/a> to wire fraud conspiracy and aggravated identification theft for taking part within the group\u2019s SMS phishing spree in the summertime of 2022. The federal government mentioned Buchanan, Jubair and others used the credentials harvested in that phishing marketing campaign to steal no less than $8 million in cryptocurrency from victims all through the US. Buchanan is at present scheduled to be sentenced on October 2.<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/06\/flowers-jubair-nca.png\")
<\/p>\n![\"\"](\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/rocketace-tmobile.png\")
<\/p>\n