WASHINGTON, D.C. — A national from the United Kingdom has been indicted in the United States for allegedly masterminding an extensive cyber extortion operation that targeted essential infrastructure, private businesses, and even the federal court system, leading to over $115 million in ransom demands.
As per a federal complaint that was made public in the District of New Jersey, Thalha Jubair, a 19-year-old from London, faces multiple charges including conspiracy to commit computer fraud, wire fraud, and money laundering. Prosecutors claim that Jubair played a pivotal role in a notorious cybercrime organization known as “Scattered Spider,” which has also been identified by other names such as Octo Tempest, UNC3944, and 0ktapus.
From May 2022 to September 2025, Jubair and his accomplices executed at least 120 network breaches, impacting 47 entities based in the U.S. These assaults involved employing social engineering tactics to unlawfully access computer systems, stealing and encrypting confidential information, and subsequently demanding ransom payments to avert its public exposure.
“This case highlights the devastating impact of organized cybercriminal groups and the urgent need for global cooperation to hold these actors accountable,” said Acting Assistant Attorney General Matthew R. Galeotti of the Justice Department’s Criminal Division. “Jubair’s actions disrupted U.S. businesses and threatened critical infrastructure—his prosecution is a warning that cybercriminals cannot hide behind screens.”
Targets Included U.S. Critical Infrastructure and Federal Courts
Among the victims were a U.S.-based critical infrastructure company and the U.S. Courts, both of which were targeted in October 2024 and January 2025, respectively. The complaint alleges that Jubair, operating under aliases such as “EarthtoStar,” “Brad,” “Austin,” and “@autistic,” played a central role in orchestrating these high-impact attacks.
In July 2024, during a law enforcement operation, authorities seized a cryptocurrency server associated with Jubair, recovering around $36 million in crypto assets. Just prior to the seizure, Jubair reportedly moved $8.4 million in ransom-related cryptocurrency to another digital wallet in a bid to escape detection by authorities.
Arrest in the U.K. and International Cooperation
On September 16, 2025, Jubair was apprehended in the United Kingdom in relation to this case as well as a separate investigation in the U.K. concerning attacks on critical infrastructure. His arrest was the outcome of a large-scale, coordinated international effort that included law enforcement agencies from the United States, United Kingdom, Netherlands, Romania, Canada, and Australia. “No cybercriminal is beyond our reach,” said FBI Cyber Division Assistant Director Brett Leatherman. “If you target American companies or citizens, we will find you, we will expose you, and we will bring you to justice.”
Charges and Potential Penalties
Jubair faces the following charges:
- Conspiracy to commit computer fraud
- Two counts of computer fraud
- Conspiracy to commit wire fraud
- Two counts of wire fraud
- Conspiracy to commit money laundering
- If convicted on all counts, Jubair faces a maximum sentence of 95 years in prison.
“This indictment sends a powerful message to cybercriminal gangs who believe they can operate across borders with impunity,” said Acting U.S. Attorney Alina Habba for the District of New Jersey. “We will identify, track, and prosecute them—wherever in the world they may be.”
The investigation is being led by the FBI Newark Field Office, with major contributions from international partners including:
- U.K. National Crime Agency
- City of London Police
- West Midlands Police
- Dutch National Police
- Romanian National Police
- Royal Canadian Mounted Police
- Australian Federal Police
Note: A complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.
