A notorious hacking collective, Scattered Spider, has just seen one of its alleged members extradited to the United States to face charges. Peter Stokes, a 19-year-old dual citizen of the US and Estonia, was arrested in Finland last April while trying to board a flight to Japan. He is accused of helping his fellow hackers extort millions of dollars from high-profile companies worldwide.
Stokes, who used online handles like “Bouquet,” “Spencer,” and “Jordan,” is believed to have been involved in at least four Scattered Spider breaches. One notable example was the March 2023 hack of an online communication platform, where Stokes was just 16 years old. The collective’s modus operandi involves using social engineering tactics, like posing as employees to reset credentials, and exploiting multi-factor authentication (MFA) vulnerabilities.
The list of victims affected by Scattered Spider’s activities reads like a who’s who of big names: luxury item retailers, online communication platforms, and even public transportation systems. In one case, a multibillion-dollar retailer was hit in May 2025, with the hackers claiming to have stolen 100 gigabytes of data and demanding an $8 million ransom. The company refused to pay but still incurred over $2 million in disruption costs.
The charges against Stokes include fraud, conspiracy, and computer intrusion. He has been remanded in custody after appearing in federal court in Chicago. Assistant Attorney General A. Tysen Duva emphasized the severity of Scattered Spider’s crimes: “This group has caused over $100 million in ransom payments and millions more in damages to its victims.”
Scattered Spider, also known by other names like 0ktapus and Octo Tempest, emerged in 2022 as a loose collective of teenagers and young adults from the US and Great Britain. They have become notorious for using a combination of social engineering and MFA attacks to breach their targets’ networks.
The Scattered Spider case serves as a reminder that hacking groups can be highly organized and sophisticated. It’s essential for companies to stay vigilant and test their defenses regularly, rather than waiting until it’s too late. By simulating real-world attacks, security teams can identify vulnerabilities and prevent breaches before they happen. Don’t wait for attackers to discover your weaknesses – test every layer of your security today.
Source: Bleeping Computer — 2026-07-02