A twin citizen of the USA and Estonia has been extradited to the USA on suspicion of being a member of the hacking group “Scattered Spider.”
19-year-old Peter Stokes (who goes by the net handles “Bouquet”, “Spencer” and “Jordan”) was arrested in Finland on April 10 as he was about to board a flight to Japan at Helsinki airport and is accused of taking part in extorting tens of millions of {dollars} from a number of well-known corporations around the globe.
In keeping with court docket paperwork, Stokes was concerned in not less than 4 Scattered Spider breaches (together with a hack into a web based communications platform in March 2023 when he was 16 years outdated) that required sufferer corporations to pay tens of millions of {dollars} in ransom.
The listing of victims compromised with the suspects’ cooperation additionally contains an nameless multibillion-dollar “luxurious items retailer” in Could 2025, when the hackers allegedly known as the corporate’s IT assist desk posing as workers, resetting credentials and accessing administrator accounts.
The attackers demanded an $8 million ransom for stealing 100 gigabytes of knowledge, however the firm refused to pay. Nevertheless, the corporate nonetheless incurred greater than $2 million in enterprise interruption and restore prices.
Stokes is presently going through costs of fraud, conspiracy and laptop trespassing, and stays in custody after showing in federal court docket in Chicago on Tuesday.

“The felony grievance costs Peter Stokes as a member of Scattered Spider, a bunch of hackers answerable for greater than 100 community intrusions that resulted in additional than $100 million in ransom funds and tens of millions extra in damages for victims,” Assistant Legal professional Basic A. Theisen Duva stated Wednesday.
“Scattered Spider has repeatedly focused U.S. companies, extorting workers, incurring tens of millions of {dollars} in losses, and disrupting essential operations,” added Brett Leatherman, deputy director of the FBI’s cyber division.
Scattered Spider (additionally tracked as 0ktapus, Octo Tempest, Scatter Swine, UNC3944, and Muddled Libra) emerged in 2022 as a unfastened hacking collective comprised primarily of youngsters and younger adults from the USA and United Kingdom.
They’re recognized to make use of a mixture of social engineering, focused multi-factor authentication (MFA) bombing (also called MFA fatigue), and SMS credential phishing assaults to infiltrate a goal’s community after which steal consumer credentials and delicate paperwork to make use of as a way of extortion.
Prosecutors stated they typically used the Genymobile Android emulator throughout MFA assaults, and in addition deployed DragonForce encryption in ransomware assaults in opposition to British retailers.
Scattered Spider’s listing of victims contains quite a lot of high-profile organizations together with Caesars, MGM Resorts, Riot Video games, DoorDash, Reddit, Mailchimp, Twilio, Allianz Life, Transport for London (TfL), a number of UK retailers comparable to Co-op, Marks & Spencer (M&S), Harrods, and most lately WestJet and Jaguar Land Rover (JLR).
Safety groups doc 54% of profitable assaults and difficulty a warning on solely 14%. The remainder strikes invisibly via the setting.
Picus’ whitepaper exhibits methods to check your SIEM and EDR guidelines in breach and assault simulations to make sure threats go undetected.
Get the white paper
