A 19-year-old United States man and an Estonian citizen arrested in Finland earlier this month are facing charges in the US alleging he was a member of the notorious Scattered Spider hacking group.
According to unsealed court records obtained by the Chicago Tribune, the suspect (who used the online alias “Bouquet”) helped defraud millions of dollars from several major corporations around the world.
The alleged Scattered Spider member, who was allegedly arrested by Finnish law enforcement at Helsinki Airport on April 10 while trying to board a flight to Japan, is facing charges of fraud, conspiracy, and computer hacking.
In a six-count complaint filed under seal in December, prosecutors said Bouquet was involved in at least one Scattered Spider violation (including a March 2023 hack of the social networking site, carried out when he was 16) that forced the victims’ companies to pay millions of dollars in fines.
The list of companies breached with the help of Bouquet includes a multibillion-dollar “luxury retailer” in May 2025, where hackers allegedly called the company’s IT desktop posing as employees to reset authentication credentials, then gain access to administrator accounts.
The group later sent a ransom demand, claiming to have stolen 100 gigabytes of data, and eventually demanded $8 million. However, even though the company refused to pay, it still incurred more than $2 million in disruption and repair costs.
BleepingComputer reached out to the Department of Justice and the Attorney General’s Office for more information, but a response was not immediately available.
Scattered Spider cybercrime collection
Scattered Spider (also tracked as 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra) emerged in 2022 and is a cohesive, financially motivated hacking collective composed primarily of teenagers and young adults from the US and Great Britain.
According to the FBI, they are known to use a combination of social engineering, targeted multi-factor (MFA) bombing (MFA fatigue), and SMS phishing attacks to steal user information and sensitive documents in order to gain leverage after breaching their target’s networks.
The list of Scattered Spider victims includes many high-profile companies, such as Caesars, MGM Resorts, Riot Games, MailChimp, Twilio, DoorDash, Reddit, Allianz Life, UK retailers Co-op, Marks & Spencer (M&S), and Harrods, and, most recently, WestJet and Jaguar Land Rover (JLR).
Earlier this month, Tyler Robert Buchanan, 24, who is believed to be one of the leaders of Scattered Spider, pleaded guilty to charges in the United States of wire fraud and aggravated identity theft.
AI has tied four zero days to a single exploit that bypasses both renderer and OS sandboxes. A wave of new exploits is coming.
At the Automated Validation Conference (May 12 & 14), see how autonomous, context-rich validation finds usability, validates controls, and closes the correction loop.
Find Your Place
