Skip to content
Data Breach

Alleged Scattered Spider Member Extradited to the US for His Role in Hacking 100+ Networks

A dual U.S.-Estonian citizen accused of belonging to the notorious Scattered Spider hacking collective has been extradited from Finland to face federal charges in the Northern District of Illinois, the Department of Justice announced Tuesday. Peter Stokes, 19, was arrested by Finnish authorities in...

· Jul 02, 2026 · 3 min read · 👁 0 views
Alleged Scattered Spider Member Extradited to the US for His Role in Hacking 100+ Networks

A dual U.S.-Estonian citizen accused of belonging to the notorious Scattered Spider hacking collective has been extradited from Finland to face federal charges in the Northern District of Illinois, the Department of Justice announced Tuesday.

Peter Stokes, 19, was arrested by Finnish authorities in April under an Interpol Red Notice and extradited to the United States last week. He appeared in federal court in Chicago on Tuesday, where he was ordered held in law enforcement custody. A criminal complaint, unsealed the same day, charges Stokes with conspiracy, computer intrusion, and fraud.

Also tracked as Octo Tempest, UNC3944, and 0ktapus, Scattered Spider has been linked to more than 100 network intrusions against U.S. companies, generating over $100\$100$100 million in ransom payments and additional millions in collateral damage.

The group’s signature tactic involves social engineering employees to gain initial access to corporate accounts, then either encrypting victim data or exfiltrating it to remote infrastructure before demanding cryptocurrency payment to prevent data leaks or restore system access.

The complaint details one specific incident from May 2025 in which Stokes and co-conspirators allegedly breached a luxury jewelry retailer’s network, exfiltrated sensitive data, and demanded roughly $8\$8$8 million in cryptocurrency.

The retailer’s internal security team successfully expelled the threat actors before any ransom was paid, though the company still absorbed at least $2\$2$2 million in losses tied to business disruption, forensic investigation, and remediation efforts.

Assistant Attorney General A. Tysen Duva of the DOJ’s Criminal Division credited the arrest to years of coordinated work between the Criminal Division, the U.S. Attorney’s Office, and the FBI. U.S. Attorney Andrew S. Boutros emphasized the “significant and growing threat” posed by financially motivated cybercriminals operating from foreign jurisdictions, while FBI Cyber Division Assistant Director Brett Leatherman highlighted the role of international law enforcement partnerships in disrupting the group.

The FBI’s Chicago Field Office led the investigation, with support from the Bureau’s Copenhagen Legal Attaché Office. Prosecution is being handled by Assistant Deputy Chief Adrienne L. Rose of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), alongside Assistant U.S. Attorneys Jennifer Chang and Ann Marie Ursini. The DOJ’s Office of International Affairs coordinated with Finland’s National Bureau of Investigation to secure the extradition.

Since 2020, CCIPS has secured convictions against more than 180 cyber and IP criminals and recovered over $350\$350$350 million in victim funds.

This case falls under Operation Riptide, the FBI’s ongoing initiative targeting cybercriminal actors, infrastructure, and financial networks. The operation comes as Americans reported over $20\$20$20 billion in cybercrime losses last year, a 26 percent year-over-year increase.

Source: CybersecurityNews.com

Follow ShomoySoft for more: Follow on Facebook

💬 Comments (0)

Login to join the discussion.

No comments yet. Be the first!

Related Articles

Recommended for you