A teen suspected of involvement with the “Scattered Spider” hacking group has been extradited to the US over his alleged function in an $8 million crypto ransom.
The US Justice Division mentioned on Wednesday that Peter Stokes, a 19-year-old twin US-Estonian nationwide, was arrested in Finland in April on an Interpol Pink Discover and extradited to the US final week to seem in a Chicago federal courtroom on Tuesday.
A felony grievance unsealed in courtroom accused Stokes and others of breaching a luxurious jewellery retailer’s pc system in Could 2025 to steal information and demand a ransom fee of $8 million in crypto. The retailer managed to evict them from the community and didn’t pay the ransom, however suffered $2 million in disruption damages, in keeping with the grievance.
Stokes is likely one of the few arrests that authorities have tied to Scattered Spider, which regularly makes use of crypto ransoms. Ransomware actors obtained greater than $820 million in funds final yr, an 8% decline from 2024, at the same time as assaults rose by 50%.
A picture the FBI took from Stokes’ Snapchat account exhibits him carrying a necklace that claims “Hack the Planet,” a quote from the 1995 cult movie “Hackers.” Supply: US Division of Justice
Alleged hack began with phishing name
In line with the grievance, the hack towards the jewellery retailer began with a number of phishing calls to the corporate’s expertise assist desk, with Stokes and others allegedly pretending to be workers requesting a reset of login credentials.
Authorities alleged the hackers managed to compromise three worker accounts in as little as two hours, two of which belonged to firm IT directors, who had entry to higher-privilege accounts that had been additionally breached and used to entry the corporate’s methods,
After a couple of days, Stokes and others allegedly despatched a ransom observe from a compromised firm e mail account to demand funds or they might publish bank card and fee data.
Nonetheless, the grievance mentioned the corporate repelled the intrusion and that the intruders later contacted the corporate individually to demand $8 million, which the corporate didn’t pay.
Stokes allegedly concerned in “quite a few intrusions”
The grievance accused Stokes, who makes use of the web nicknames “Bouquet” and “Jordan,” of being a “Scattered Spider member who has engaged in quite a few intrusions, or assisted in them” on a number of unnamed firms.
Authorities claimed {that a} search of a storage gadget allegedly linked to Stokes confirmed it contained downloads from a digital non-public server that Microsoft had recognized as getting used to hold out intrusions on firms.
The grievance alleged that it additionally “contained exfiltrated data from a number of victim-companies.”
Associated: Taiko reopens bridge after $1.7M exploit, says customers made entire
The grievance claimed that Stokes’ Snapchat account exhibits “substantial wealth for an individual his age” and alleged that he used the account to boast “about his worldwide journey and wealth, and despatched media relating to apprehended Scattered Spider members.”
The Justice Division mentioned that Scattered Spider, also referred to as “Octo Tempest,” “UNC3944,” and “0ktapus,” has been concerned in over 100 community intrusions, leading to greater than $100 million in ransom funds and tens of millions of {dollars} in damages.
Stokes was charged with six counts associated to hacking, cyber extortion, fraud and conspiracy.
Journal: Crypto scammers face demise, Aussie CGT makes Asian hubs engaging: Asia Specific











