惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园 - Franky
C
CXSECURITY Database RSS Feed - CXSecurity.com
S
Schneier on Security
Know Your Adversary
Know Your Adversary
Security Latest
Security Latest
Spread Privacy
Spread Privacy
Project Zero
Project Zero
T
The Exploit Database - CXSecurity.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AI
AI
N
News | PayPal Newsroom
A
Arctic Wolf
NISL@THU
NISL@THU
W
WeLiveSecurity
Security Archives - TechRepublic
Security Archives - TechRepublic
Hacker News: Ask HN
Hacker News: Ask HN
P
Palo Alto Networks Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
大猫的无限游戏
大猫的无限游戏
L
Lohrmann on Cybersecurity
Last Week in AI
Last Week in AI
T
Threatpost
The Last Watchdog
The Last Watchdog
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
酷 壳 – CoolShell
酷 壳 – CoolShell
量子位
Engineering at Meta
Engineering at Meta
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
S
Security Affairs
P
Privacy & Cybersecurity Law Blog
B
Blog RSS Feed
AWS News Blog
AWS News Blog
P
Proofpoint News Feed
雷峰网
雷峰网
T
Tenable Blog
Schneier on Security
Schneier on Security
H
Heimdal Security Blog
V2EX - 技术
V2EX - 技术
V
V2EX
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Secure Thoughts
Latest news
Latest news
Help Net Security
Help Net Security
Jina AI
Jina AI
Stack Overflow Blog
Stack Overflow Blog
The Cloudflare Blog
V
Vulnerabilities – Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org

Comments for Krebs on Security

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm Who Runs the Ransomware Group ‘The Gentlemen?’ A Record-Breaking Patch Tuesday for June 2026 Hackers Used Meta’s AI Support Bot to Seize Instagram Accounts Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks Lawmakers Demand Answers as CISA Tries to Contain Data Leak Alleged Kimwolf Botmaster ‘Dort’ Arrested, Charged in U.S. and Canada CISA Admin Leaked AWS GovCloud Keys on Github Canvas Breach Disrupts Schools & Colleges Nationwide Russia Hacked Routers to Steal Microsoft Office Tokens Patch Tuesday, April 2026 Edition
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Some guy · 2026-06-24 · via Comments for Krebs on Security

Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.

Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA).

Thalha Jubair, 20, of East London and 18-year-old Owen Flowers of Walsall admitted conspiring to commit unauthorized acts against Transport for London computer systems and causing risk of serious damage to human welfare. According to a report from the BBC, Flowers alone admitted to being part of a conspiracy to hack into U.S. based healthcare providers SSM Health Care Corporation and Sutter Health in September 2024.

Jubair is also wanted by U.S. law enforcement agencies. In September 2025, prosecutors in New Jersey unsealed an indictment alleging Jubair and other Scattered Spider members committed computer fraud, wire fraud, and money laundering in relation to 120 computer network intrusions involving 47 U.S. entities between May 2022 and September 2025, and that the group’s victims paid at least $115 million in ransom payments.

In July 2025, KrebsOnSecurity reported that Flowers and Jubair were arrested in the United Kingdom in connection with Scattered Spider ransom attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. Multiple sources familiar with those investigations said Flowers was the Scattered Spider member who anonymously gave interviews to the media in the days after the group’s September 2023 ransomware attacks disrupted operations at Las Vegas casinos operated by MGM Resorts and Caesars Entertainment.

According to prosecutors, Jubair co-ran a bustling Telegram channel called Star Chat, the home of a SIM-swapping group that used voice- and SMS-based phishing attacks to steal credentials from employees at the major wireless providers in the U.S. and U.K. The group would then use that access to sell a service that could redirect a target’s phone number to a device the attackers controlled and intercept the victim’s calls and text messages (including one-time codes for multi-factor authentication).

A receipt from Star Fraud Chat’s SIM-swapping service targeting a T-Mobile customer after the group gained access to internal T-Mobile employee tools. “Rocket Ace” was one of Jubair’s hacker handles, according to U.S. prosecutors.

New Jersey prosecutors also allege Jubair also was involved in a mass SMS phishing campaign during the summer of 2022 that stole single sign-on credentials from employees at hundreds of companies. That weeks-long SMS phishing campaign led to intrusions and data thefts at more than 130 organizations, including LastPassDoorDashMailchimpPlex and Signal.

KrebsOnSecurity reported last year that one of Jubair’s alter egos at age 15 was “Everlynn,” a hacker who sold fraudulent “emergency data requests” that used compromised police and government email addresses to demand subscriber data (e.g. username, IP/email address) from major tech companies, claiming the requests concerned urgent matters of life and death and could not wait for a court order.

In April 2026, 24-year-old British national and Scattered Spider member Tyler “Tylerb” Buchanan pleaded guilty to wire fraud conspiracy and aggravated identity theft for participating in the group’s SMS phishing spree in the summer of 2022. The government said Buchanan, Jubair and others used the credentials harvested in that phishing campaign to steal at least $8 million in cryptocurrency from victims throughout the United States. Buchanan is currently scheduled to be sentenced on October 2.

In August 2025, 20-year-old Scattered Spider member from Florida named Noah Michael Urban was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution, after pleading guilty to charges of wire fraud and conspiracy.

The U.S. Department of Justice says three alleged Scattered Spider defendants indicted along with Buchanan still face charges, including Ahmed Hossam Eldin Elbadawy, 24, a.k.a. “AD,” of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. “joeleoli,” of Jacksonville, North Carolina.

Flowers and Jubair are slated to be sentenced in a London court on July 15, 2026.