Two men pleaded guilty in the United Kingdom to criminal charges related to a cyberattack that disrupted Transport for London's public transport network. The guilty pleas were entered by Thalha Jubair, 20, and Owen Flowers, 18, who are identified as key members of the cybercrime group Scattered Spider. Their admissions came on the first day of a trial that was expected to last six weeks, as first reported by Krebs on Security.
Jubair and Flowers admitted to conspiring to commit unauthorized acts against Transport for London's computer systems and causing risk of serious damage to human welfare. Flowers also admitted to hacking U.S. healthcare providers SSM Health Care Corporation and Sutter Health.
Jubair is wanted in the U.S. for alleged computer fraud, wire fraud, and money laundering involving 120 network intrusions against 47 U.S. entities, resulting in at least $115 million in ransom payments. The group utilized SIM-swapping and SMS phishing campaigns to steal credentials, enabling access to sensitive data and financial assets.
Previous KrebsOnSecurity reporting linked Flowers to interviews following attacks on MGM Resorts and Caesars Entertainment. Tyler Buchanan, another Scattered Spider member, previously pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in a 2022 SMS phishing spree that led to $8 million in cryptocurrency theft. Noah Michael Urban received a 10-year sentence for similar charges. Three other alleged Scattered Spider members still face charges in the U.S.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Kelley Damore is Chief Content Officer at CyberRisk Alliance, where she leads content strategy across the company’s digital brands, research, communities and live events serving CISOs and security practitioners. At CyberRisk Alliance, she is focused on delivering 365-day engagement, trusted journalism and actionable insights to help security leaders navigate an increasingly complex threat landscape.
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
