Authorities have unsealed a major criminal complaint charging Thalha Jubair, a 19-year-old citizen of the United Kingdom, with running a vast cyber extortion scheme. Jubair, who also went by the online names “EarthtoStar,” “Brad,” “Austin,” and “@autistic,” now faces multiple charges of computer fraud, wire fraud, and money laundering.
According to investigators, Jubair was part of the hacking group widely known as Scattered Spider. Working with others, he broke into the computer systems of companies across the United States. Over 120 network intrusions have been linked to the group since 2022. Victims included at least 47 U.S.-based organizations, ranging from businesses to critical infrastructure providers.
The alleged crimes led to more than $115 million in ransom payments from victims who were locked out of their systems or threatened with the release of stolen information. The hackers demanded payment in cryptocurrency, which they then tried to hide through laundering schemes.
The arrest of Jubair was made earlier this week in London as part of a joint investigation between U.S., U.K., and international law enforcement agencies. A second individual was also taken into custody in the United Kingdom in connection with a separate case involving British infrastructure.
Lonnie Smith-Matthews faces federal charges for loan and check fraud in Boston
How the Attacks Worked
Court documents explain that Jubair and his associates relied heavily on social engineering tactics. This means they tricked employees of companies into giving up passwords or other sensitive details, which allowed the group to sneak into protected computer systems. Once inside, they stole files, locked access, and then demanded huge ransom payments in exchange for restoring control or keeping the stolen data private.
The complaint highlights that Jubair played a role in attacks against a U.S.-based critical infrastructure company and even the U.S. Courts. These breaches, which took place in late 2024 and early 2025, show how bold and dangerous the group had become.
During the investigation, law enforcement tracked cryptocurrency payments linked to the group. In July 2024, authorities seized a server controlled by Jubair, which held cryptocurrency worth about $36 million at the time. Despite this, Jubair allegedly managed to move another $8.4 million in stolen funds to a different wallet just before the seizure.
Dwayne Anderson admits to defrauding American woman of more than $181,000
Matthew R. Galeotti, Acting Assistant Attorney General of the Justice Department’s Criminal Division, said that Jubair’s role in the scheme shows the “sweeping and disruptive nature” of the attacks. He stressed that the Department remains committed to fighting ransomware groups.
Alina Habba, Acting U.S. Attorney for the District of New Jersey, added that Jubair went to “great and sophisticated lengths” to remain anonymous, but investigators were able to unmask him through persistent work.
The FBI also weighed in. Brett Leatherman, Assistant Director of the FBI Cyber Division, warned cybercriminals that “if you attack American companies or citizens, we will find you, we will expose you, and we will seek justice.” Stefanie Roddy, Special Agent in Charge at the FBI, called the charges a “decisive victory against cybercriminal gangs.”
Global Cooperation Brings Breakthrough
The case against Jubair is the result of an extensive international operation. Agencies from the United States, the United Kingdom’s National Crime Agency, the City of London Police, the Netherlands, Romania, Canada, and Australia all worked together to track the group’s activities. Police and cybercrime specialists shared intelligence, followed digital money trails, and coordinated raids to gather evidence.
Scattered Spider, also known by names such as Octo Tempest, UNC3944, and 0ktapus, has been linked to numerous attacks worldwide. The group became infamous for targeting companies with high-value data and demanding massive payouts to stop the release of stolen information.
The charges filed in New Jersey outline a long list of crimes, including computer fraud conspiracy, wire fraud conspiracy, and money laundering conspiracy. If convicted on all counts, Jubair faces a potential sentence of up to 95 years in prison.
The investigation was led by the FBI’s Newark Field Office with major help from international partners. The case is being prosecuted by Adrienne L. Rose, Assistant Deputy Chief of the DOJ’s Computer Crime and Intellectual Property Section (CCIPS), George S. Brown, Trial Attorney of CCIPS, and Andrew Kogan, Assistant U.S. Attorney for the District of New Jersey’s Cybercrime Unit.
Officials emphasized that while the complaint details shocking acts of cybercrime, it remains an allegation. Jubair, like all defendants, is presumed innocent until proven guilty in court.
This case highlights the massive financial damage cyber extortion can cause to companies and public institutions. Over the past three years, Scattered Spider is believed to have stolen or extorted more than $115 million, proving how profitable — and destructive — these schemes can be.
