Renewz

British Teenager Thalha Jubair Charged in Major Cybercrime Scheme

British Teenager Thalha Jubair Charged in Major Cybercrime Scheme
source: gettyimages
September 18, 2025

The U.S. Department of Justice has unveiled federal charges against 19-year-old British hacker Thalha Jubair, accused of orchestrating over 120 cyberattacks—including intrusions into the U.S. courts system—and extorting dozens of American companies.

Arrest and Legal Proceedings

Jubair was apprehended on Tuesday at his East London residence, according to the National Crime Agency. He appeared in a London court on Thursday, alongside 18-year-old Owen Flowers. Both are linked to a 2024 cyberattack targeting Transport for London, which resulted in a significant data breach and a lengthy recovery process. This attack was attributed to the notorious hacking group, Scattered Spider.

The Scattered Spider Hackers

Scattered Spider, also known as an energetic and skilled group of English-speaking cybercriminals, often composed of teenagers and young adults, is infamous for launching frequent and sophisticated attacks. They primarily leverage social engineering tactics—such as impersonating company employees to bypass security—to infiltrate systems. The group operates within a cybercriminal collective called “the Com,” sometimes resorting to physical threats and violence, including swatting.

Federal Charges and Victim Impact

In addition to local charges, Jubair faces federal charges in New Jersey related to hacking, extortion, and money laundering. U.S. prosecutors allege that Jubair's hacking operations have resulted in ransom payments exceeding $115 million from corporate victims.

According to the FBI, servers believed to be controlled by Jubair were seized in July 2024, revealing evidence of at least 120 targeted companies, including 47 based in the United States. The hacker employed social engineering to access company networks, steal internal data, encrypt servers, and then extort money for decryption keys. Notably, one of the targets was a critical infrastructure company in New Jersey, from which over a gigabyte of stolen data was recovered.

Breach of U.S. Courts System

In January 2025, Jubair and his associates reportedly manipulated the U.S. Courts’ helpdesk to access three user accounts, including that of a federal magistrate judge. They sought information related to “Scattered Spider” and used one hacked account to submit a fraudulent legal request for customer data—a tactics common among these hackers.

The FBI indicated that Jubair’s seized server facilitated searches related to the Court system breach, including the alleged access to the sealed indictment of Noah Urban, a convicted member of the hacking collective. The server also housed a cryptocurrency wallet worth approximately $36 million, much of which was siphoned off as authorities moved in.

Legal and International Implications

It remains unclear whether the U.S. Department of Justice will pursue Jubair's extradition. A spokesperson for the DOJ has not issued a comment on the matter.

This case underscores the growing reach and sophistication of teenage cybercriminals and highlights significant vulnerabilities in both private and public sector cybersecurity defenses.

For more insights on cybersecurity threats and legal developments, follow Zack Whittaker, security editor at TechCrunch, via encrypted message at zackwhittaker.1337 on Signal or email at zack.whittaker@techcrunch.com.

Related links

By submitting, I confirm I have the right to share this link and I agree to link back to this article from the submitted page. Duplicate URLs are rejected. Up to 5 links per page.

GraphQL · 144 ms 
query Q($id: Int!, $domain: Int!, $srcId: Int!, $hasSrc: Boolean!, $hasSelf: Boolean!) {
  self: qa_ai(where: {id: {_eq: $id}}, limit: 1) @include(if: $hasSelf) {
    id
    title
    text
    date
  }
  linksarticle: qa_ai(where: {domain: {_eq: $domain}, id: {_neq: $id}}, order_by: {id: desc}, limit: 8) {
    id
    title
  }
  linksbottom: qa_ai(where: {domain: {_neq: $domain}, id: {_lt: $id}}, order_by: {id: desc}, limit: 3) {
    id
    title
    domain
  }
  source: qa_ai(where: {id: {_eq: $srcId}}, limit: 1) @include(if: $hasSrc) {
    id
    title
  }
}
{
  "id": 6644001,
  "domain": 6,
  "srcId": 0,
  "hasSrc": false,
  "hasSelf": true
}