Two youngsters, believed to be linked to the August 2024 cyberattack on Transport for London, have been arrested in the UK.
Believed to be members of the infamous Scattered Spider hacking collective, 18-year-old Owen Flowers from Walsall and 19-year-old Thalha Jubair from East London are scheduled to look at Westminster Magistrates Court docket at the moment.
Flowers was beforehand arrested for his alleged involvement within the TfL assault in September 2024, however was launched on bail after being questioned by officers of the UK Nationwide Crime Company.
Since then, NCA investigators have discovered extra proof doubtlessly linking Flowers to assaults towards U.S. healthcare corporations.
The 2 suspects are being prosecuted for laptop misuse and fraud-related fees linked to an investigation into the breach of London’s public transportation company. Moreover, Flowers faces fees for conspiring to assault the networks of SSM Well being Care Company and Sutter Well being in america.
“This assault induced important disruption and hundreds of thousands in losses to TfL, a part of the UK’s crucial nationwide infrastructure,” stated Deputy Director Paul Foster, the pinnacle of the NCA’s Nationwide Cyber Crime Unit.
“Earlier this yr, the NCA warned of a rise within the menace from cyber criminals primarily based within the UK and different English-speaking international locations, of which Scattered Spider is a transparent instance.”
The U.S. Division of Justice additionally charged Thalha Jubair at the moment with conspiracies to commit laptop fraud, cash laundering, and wire fraud, in relation to a minimum of 120 community breaches and extortion assaults worldwide between Could 2022 and September 2025, which affected a minimum of 47 U.S. organizations.
The criticism, filed within the District of New Jersey and unsealed at the moment, alleges that victims have paid Jubair and his accomplices a minimum of $115,000,000 in ransom funds.
The Transport for London cyberattack
TfL disclosed the August 2024 cyberattack on September 2, 2024, stating that it had not discovered proof that any buyer information was compromised within the breach.
Whereas the assault didn’t have an effect on London’s transportation providers, it did disrupt inner methods and on-line providers, in addition to TfL’s capability to course of refunds. In a subsequent replace, TfL revealed that buyer information, together with names, contact particulars, and addresses, had really been compromised in the course of the incident.
TfL supplies transportation providers to over 8.4 million Londoners by way of its floor, underground, and Crossrail transport methods, collectively managed with the UK’s Division for Transport.
In Could 2023, TfL was the sufferer of one other safety breach after the Clop ransomware gang stole information belonging to over 13,000 clients from one in all its suppliers’ MOVEit Managed File Switch (MFT) servers.
The NCA arrested 4 different suspected members of the Scattered Spider cybercrime collective in July, believed to be concerned in cyberattacks concentrating on main retailers within the nation, together with Marks & Spencer, Harrods, and Co-op.
46% of environments had passwords cracked, practically doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and information exfiltration tendencies.
