United Kingdom National Charged in Connection with Multiple Cyber Attacks, Including on Critical Infrastructure

NEWARK, N.J. - A complaint filed in the District of New Jersey was unsealed today charging Thalha Jubair, a United Kingdom national, with conspiracies to commit computer fraud, wire fraud, and money laundering, in relation to at least 120 computer network intrusions and extortion involving 47 U.S. entities. The complaint alleges victims paid at least $115,000,000 in ransom payments.

"The charges against Jubair announced today are the result of a lengthy investigation into particular cyber threat actors, often referred to as Scattered Spider, who have victimized at least 47 U.S.-based entities, including in New Jersey," said Alina Habba, Acting U.S. Attorney and Special Attorney for the District of New Jersey. "As alleged by the complaint, Jubair went to great and sophisticated lengths to keep himself anonymous while he and his criminal associates continued to attack these victims and extort tens of millions of dollars in ransom payments. But thanks to the relentless investigation of this Office and our FBI and CCIPS partners, Jubair could not remain anonymous and avoid justice indefinitely. Today's charges demonstrate my Office's determination to identify cybercriminals and bring them to justice, wherever they are in the world."

"Jubair is alleged to have participated in a sweeping cyber extortion scheme carried out by a group known as Scattered Spider, which committed at least 120 attacks worldwide and resulted in over $115 million in ransom payments from victims," said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department's Criminal Division. "These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system, highlighting the significant and growing threat posed by brazen cybercriminals. These charges underscore the Department's unwavering commitment to keeping pace with technologically savvy bad actors and holding accountable those who seek to profit from ransomware."

"Today's charges make it clear that no cybercriminal is beyond our reach," said Assistant Director Brett Leatherman of the FBI's Cyber Division. "If you attack American companies or citizens, we will find you, we will expose you, and we will seek justice. The FBI continues to deploy every investigative and technical resource available to dismantle criminal cyber networks and hold their members accountable. This means working with trusted international partners like the UK's National Crime Agency, the West Midlands Police, and the City of London Police, as well as utilizing the capabilities of our state and local partners, who are valued members of FBI's Cyber Task Forces."

"The arrest of Thalha Jubair underscores an undeniable truth: no matter how elusive or destructive these cyber-criminal syndicates are, we will continue to pursue those who allegedly extort our businesses and ensure they are held accountable," said Special Agent in Charge Stefanie Roddy for the FBI. Today's charges in both the U.S. and U.K. reflect extraordinary coordination with our foreign and industry partners and mark a decisive victory against cybercriminal gangs who thought they could cripple American industries, inflict hundreds of millions in losses, and hide behind a screen without consequence. The FBI remains relentless in protecting Americans and American businesses - detecting, deterring and diminishing the impact of cyber-criminal gangs."

According to the complaint, Thalha Jubair, also known as "EarthtoStar," "Brad," "Austin," and "@autistic," 19, of London, England, conspired with others to use social engineering techniques to gain unauthorized access into the computer networks of U.S. companies, steal and encrypt information, and demand ransom payments from victims in exchange for regaining control and preventing the dissemination of the exfiltrated data. Jubair also conspired with others to launder the funds obtained through this scheme. In October 2024 and January 2025, Jubair participated in a scheme to gain unauthorized access to the networks of a U.S.-based critical infrastructure company and the U.S. Courts.

From as early as May 2022 to as recently as September 2025, Jubair and his associates were involved in approximately 120 network intrusions, including accessing the computer networks of at least 47 U.S.-based victims. Collectively, victims paid more than $115 million to Jubair and his associates in efforts to recover their data and prevent its disclosure. Portions of the ransom payments from at least five victims were sent to wallets on a server controlled by Jubair. In July 2024, while law enforcement was seizing that server - including successfully seizing cryptocurrency worth approximately $36 million at the time of the seizure - Jubair transferred a portion of cryptocurrency that originated from one of the victims, worth approximately $8.4 million at the time, to another wallet.

The charges arise out of an investigation into a cyber threat group that has been referred to as "Scattered Spider," "Octo Tempest," "UNC3944," and/or "0ktapus." Scattered Spider has targeted victims throughout the United States, including in New Jersey.

Jubair is charged with computer fraud conspiracy, two counts of computer fraud, wire fraud conspiracy, two counts of wire fraud, and money laundering conspiracy. If convicted, he faces a maximum penalty of 95 years in prison.

On Tuesday, September 16, U.K. authorities arrested Jubair and a second individual in connection with a separate U.K. investigation related to a computer intrusion that targeted U.K. critical infrastructure.

The FBI's Newark Field Office is investigating the case. The United Kingdom's National Crime Agency and the City of London Police, the United Kingdom's West Midlands Police, the National Police of the Netherlands, the Dutch Prosecutor's Office, the Romanian Directorate for Investigating Organized Crime and Terrorism, Brigade for Combating Organized Crime Targu Mures, Romanian National Police, Directorate for Combating Organized Crime, the Royal Canadian Mounted Police, and the Australian Federal Police have provided significant assistance.

Assistant U.S. Attorney Andrew Kogan for the District of New Jersey's Cybercrime Unit and Assistant Deputy Chief Adrienne L. Rose and Trial Attorney George S. Brown of the Justice Department's Computer Crime and Intellectual Property Section (CCIPS) are prosecuting the case. The Justice Department's Office of International Affairs provided significant assistance.

A complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

###