British authorities have arrested two suspected members of the notorious cybercrime gang Scattered Spider for allegedly hacking London’s transit agency, the U.K.’s National Crime Agency said on Thursday.
London police and the NCA arrested 19-year-old Thalha Jubair and 18-year-old Owen Flowers at their homes on Tuesday, the NCA said in a statement. The two suspects were due to appear in court on Thursday to face charges under the U.K.’s Computer Misuse Act of “conspiring together to commit unauthorised acts” against Transport for London, according to the statement.
British authorities previously arrested Flowers in September 2024 in connection with the TfL hack, which occurred that month and which authorities said did not compromise any critical transportation infrastructure.
That arrest led to the discovery of evidence that Flowers had participated in cyberattacks on American healthcare companies, the NCA said. As a result, Flowers has also been charged with “conspiring with others to infiltrate and damage” the networks of two of those companies, the Missouri-based Catholic healthcare system SSM Health and the California-based nonprofit health system Sutter Health.
Both healthcare attacks involved intrusions into the health systems’ third-party vendors. The July 2023 ransomware attack affecting SSM Health began with an intrusion into SSM’s business services vendor Navvis, while Sutter Health experienced a data breach after its database vendor Virgin Pulse fell victim to a ransomware attack targeting a vulnerable file-transfer program.
Jubair also allegedly conducted cyberattacks on American organizations. The Justice Department on Thursday unsealed a criminal complaint charging him with a hacking and extortion spree that claimed at least 47 U.S. victims, including “a U.S.-based critical infrastructure company and the U.S. Courts.” Those intrusions led to ransom payments of more than $115 million, according to the complaint.
The recent arrests in the U.K. are the latest sign that law enforcement authorities around the world are cracking down on Scattered Spider’s prolific cybercrime activities. In recent months, the group — composed largely of teenagers and young adults in the U.S. and the U.K. — has targeted companies in the retail, insurance and aviation industries, deploying clever social-engineering tactics that have prompted warnings from the U.S. government.
Paul Foster, the head of the NCA’s National Cyber Crime Unit, called the arrests “a key step in what has been a lengthy and complex investigation.”
“The NCA, U.K. policing and our international partners, including the FBI, are collectively committed to identifying offenders within these networks and ensuring they face justice,” Foster said in a statement.
In July, the NCA arrested four apparent members of Scattered Spider, ranging in age from 17 to 20, for allegedly hacking the British retailers Marks & Spencer, Co-op and Harrods.
