**Alleged Member of Hacking Group 'Scattered Spider' Arrested in Finland**
*By Nathan Rennolds*
*Published on 02/07/2026 - 9:20 GMT+2*
An alleged member of the notorious hacking group known as "Scattered Spider" has been arrested in Finland and subsequently extradited to the United States, according to an announcement from U.S. authorities. The individual, identified as 19-year-old Peter Stokes, was apprehended in April and faces multiple charges including conspiracy, computer intrusion, and fraud.
Stokes, who holds dual citizenship in the United States and Estonia, made his initial appearance in a federal court in Chicago on Tuesday. During this hearing, he was ordered to remain in custody as legal proceedings continue. The charges against him stem from an incident in May 2025, where he and alleged co-conspirators targeted the computer systems of a luxury jewelry retailer. The group is accused of exfiltrating sensitive data and demanding a ransom of approximately $8 million in cryptocurrency.
Fortunately for the retailer, no ransom was paid as their security personnel successfully managed to eliminate the threat from their network. However, the incident resulted in significant financial repercussions for the company, which reported losses exceeding $2 million due to business disruptions, investigations, and mitigation efforts.
Scattered Spider, also referred to as "Octo Tempest," "UNC3944," or "0ktapus," is recognized for its involvement in a series of high-profile cyberattacks globally. The FBI has linked the group to over 100 network intrusions, which have collectively led to more than $100 million in ransom payments and substantial damages across various sectors.
The group's activities have not only impacted businesses but have also drawn attention from law enforcement agencies worldwide. In a related development, two individuals in the UK, Thalha Jubair, 20, and Owen Flowers, 18, recently pleaded guilty to orchestrating a cyberattack on Transport for London (TfL), the organization responsible for the city's transport network. Their breach, which occurred between August 31 and September 3, 2024, forced all 28,000 TfL employees to attend an office for a mandatory password reset, resulting in reported losses and recovery costs amounting to £29 million.
Paul Foster, head of the National Cyber Crime Unit in the UK, highlighted the growing threat posed by cybercriminals, particularly those operating from English-speaking countries. He noted that the profiles of offenders like Flowers and Jubair exemplify the increasing risks associated with groups like Scattered Spider.
As the investigation into Stokes and his alleged activities continues, authorities remain vigilant against the evolving landscape of cybercrime, emphasizing the need for robust security measures to protect sensitive data and corporate networks from similar threats.