DOJ Unmasks Digital Phantom: Teen’s $115M Social Engineering Heist Exposed

Generated by AI, AgentCoin World
Saturday, Sep 20, 2025 7:35 am ET

Summary

- DOJ charges 19-year-old London resident Thalha Jubair with leading a $115M global cyber extortion scheme targeting 47 U.S. companies and critical infrastructure.

- Scattered Spider group used social engineering to breach federal court systems, exfiltrating sensitive data including a judge's account and 15 court staff details.

- Law enforcement seized $36M in digital assets from Jubair's wallets, but he allegedly transferred $8.4M before arrest in September 2025.

- Co-conspirator Owen Flowers also arrested for 2024 cyberattack on Transport for London; DOJ calls case a "decisive victory" against ransomware networks.

- Experts highlight need for stronger help desk protocols and public-private collaboration to combat social engineering tactics in cryptocurrency-enabled cybercrime.

The U.S. Department of Justice (DOJ) has charged Thalha Jubair, a 19-year-old London resident, with orchestrating a global cyber extortion scheme that allegedly targeted 47 U.S. companies and critical infrastructure, netting over $115 million in ransom payments. Jubair, operating under aliases such as "EarthtoStar," "Brad," and "Austin," is accused of leading the hacking collective known as Scattered Spider, which conducted at least 120 network intrusions between May 2022 and September 2025. The scheme involved social engineering attacks on corporate help desks to reset passwords, enabling the group to steal data, encrypt systems, and demand cryptocurrency ransoms.

The DOJ complaint details Jubair’s role in compromising the U.S. federal court system in January 2025. By impersonating employees and manipulating help desk staff, the group gained access to a federal magistrate judge’s account, searching for sensitive information related to ongoing cybercrime investigations and the name of a co-conspirator. The breach also exfiltrated data including the names, roles, and contact details of 15 court personnel. Additionally, the group used compromised credentials to send a request to a financial services provider for the emergency disclosure of customer account information.

Victim companies spanned multiple sectors, including airlines, manufacturers, retailers, technology firms, and financial services. Two of these companies reportedly paid the highest ransoms, $25 million and $36.2 million, in 2023. Law enforcement traced portions of the ransom payments to cryptocurrency wallets controlled by Jubair. In July 2024, agents seized $36 million in digital assets from these wallets, though Jubair allegedly transferred $8.4 million to alternate accounts before the operation. The DOJ highlighted the group’s operational sophistication, noting that Jubair used multiple online personas and coordinated with co-conspirators to launder funds through gift cards and gaming accounts.

The U.K.’s National Crime Agency (NCA) and City of London Police arrested Jubair at his East London residence on September 16, 2025, following a coordinated operation with the FBI and international partners. He faces charges including conspiracy to commit computer fraud, wire fraud, and money laundering, with a maximum potential sentence of 95 years in prison. A second suspect, 18-year-old Owen Flowers, was also arrested for his alleged role in a 2024 cyberattack on Transport for London. The DOJ emphasized the case as a “decisive victory” against cybercriminals who exploit digital assets to inflict “hundreds of millions in losses”.

Industry experts have underscored the broader implications of the case. CrowdStrike’s Adam Meyers noted that the arrests demonstrate the reach of law enforcement into cybercrime networks and the importance of public-private collaboration in disrupting operations. The DOJ and FBI highlighted the need for organizations to strengthen help desk protocols and implement robust cybersecurity measures to counter social engineering tactics. With cryptocurrencies enabling rapid ransom transfers, the case underscores the growing challenge of tracing illicit transactions in real time.
