Alleged Scattered Spider hacker extradited to the United States

Peter Stokes, a dual US and Estonian citizen, has been extradited to the United States to face charges related to his alleged involvement with the notorious Scattered Spider hacking collective. According to court documents, Stokes was involved in at least four high-profile breaches that resulted in millions of dollars being extorted from companies worldwide.

Stokes, 19, was arrested in Finland on April 10 while attempting to board a flight to Japan and is accused of helping extort money from multiple high-profile companies, including an unnamed luxury item retailer. In one incident, the hackers allegedly called the company’s IT helpdesk, posing as employees, to reset credentials and gain access to administrator accounts. The company refused to pay the $8 million ransom demand but still incurred over $2 million in costs due to operations disruption and remediation.

Scattered Spider is a loosely knit hacking collective composed of teenagers and young adults from the US and Great Britain. They are known for using social engineering, targeted multi-factor authentication (MFA) bombing, and SMS credential phishing attacks to steal user credentials and sensitive documents for extortion leverage after breaching their targets’ networks. The group has been linked to over 100 network intrusions, resulting in more than $100 million in ransom payments and millions more in damages.

Stokes now faces charges of fraud, conspiracy, and computer intrusion and has remained in custody after appearing in federal court in Chicago on Tuesday. Assistant Attorney General A. Tysen Duva noted that Scattered Spider has repeatedly targeted US companies, extorting employees, inflicting millions of dollars in losses, and disrupting essential operations.

The group’s tactics involve using a blend of social engineering and MFA attacks to gain access to sensitive systems. They often use the Genymobile Android emulator during their MFA attacks, which allows them to bypass multi-factor authentication measures. This highlights the importance of regularly testing and updating security protocols to prevent such attacks.

As cybersecurity threats continue to evolve, it’s essential for companies to stay vigilant and take proactive steps to protect themselves. This includes implementing robust security protocols, conducting regular penetration tests, and educating employees on social engineering tactics. By taking these measures, organizations can reduce the risk of falling victim to sophisticated hacking groups like Scattered Spider.

Ultimately, the extradition of Peter Stokes marks a significant step in bringing alleged members of Scattered Spider to justice. However, it also serves as a reminder that cybersecurity threats are ever-present and require constant attention from companies and individuals alike. By staying informed and taking proactive measures, we can better protect ourselves against such threats.


Source: Bleeping Computer — 2026-07-02