US authorities have filed sweeping charges against Thalha Jubair, a 19-year-old UK national allegedly at the center of one of the most lucrative cybercrime campaigns in recent history, extracting over $115 million through 120+ network intrusions targeting American businesses and critical infrastructure.
The Department of Justice unsealed a criminal complaint charging Jubair—who operated under aliases "EarthtoStar," "Brad," "Austin," and "@autistic"—with computer fraud conspiracy, wire fraud, and money laundering in connection with the notorious Scattered Spider collective's three-year extortion spree from May 2022 through September 2025.
Court documents reveal the staggering scope of the operation: Jubair and co-conspirators infiltrated 47 US-based entities using sophisticated social engineering tactics, calling corporate helpdesks to reset employee passwords before encrypting company data and demanding cryptocurrency ransoms. Individual victim payments ranged from $2.4 million to $36.2 million in Bitcoin.
The investigation exposed Jubair's direct involvement in attacks against major corporations across manufacturing, entertainment, retail, and financial services sectors. Most audaciously, the group penetrated the US federal court system in January 2025, compromising accounts including a federal magistrate judge and searching for sensitive information about ongoing cybercrime cases and "scattered spider" investigations.
"These malicious attacks caused widespread disruption to U.S. businesses and organizations, including critical infrastructure and the federal court system," said Acting Assistant Attorney General Matthew Galeotti, emphasizing the "significant and growing threat posed by brazen cybercriminals."
Law enforcement seized $36 million in cryptocurrency from Jubair's servers, but not before he transferred an additional $8.4 million to alternate wallets during the July 2024 raid—demonstrating the group's operational sophistication and real-time awareness of law enforcement activities.
Protection Strategies: Organizations should implement rigorous helpdesk verification protocols, deploy endpoint detection and response solutions, and conduct regular social engineering awareness training. The Scattered Spider group's primary attack vector remains phone-based social engineering targeting IT support staff.
Jubair faces up to 95 years in prison if convicted on all charges. His arrest alongside 18-year-old Owen Flowers in coordinated UK-US operations marks a significant disruption to one of the most prolific English-speaking cybercrime collectives.