Teenager nabbed in global hunt for Scattered Spider ransomware group members
In another win for the joint international cybersecurity task force, UK police have arrested a 17-year-old suspect linked to the notorious Scattered Spider hacking group. The teenager, whose name has not been released, is believed to be involved in the crippling ransomware attack that targeted MGM Resorts last year.
The arrest, coordinated by West Midlands Police, the National Crime Agency (NCA), and the FBI, is part of a wider investigation into Scattered Spider, a cybercrime syndicate responsible for a string of attacks on major companies.
While authorities haven't explicitly named the group, the timing and details point to Scattered Spider's involvement in the MGM hack, which caused significant disruptions and financial losses for the casino giant.
The teenager was charged with violation of the Blackmail and Computer Misuse Act but has been released on bail as the police complete their investigation. The suspect’s digital devices were confiscated and will be investigated for further evidence.
A Global Web of Crime
The MGM attack, which involved encrypting critical data and demanding a hefty ransom, highlighted the growing threat posed by cybercriminal groups like Scattered Spider. These groups often operate across borders, making international cooperation crucial in apprehending them.
The FBI, which has been tracking Scattered Spider's activities for some time, welcomed the arrest. "This is a clear message to cybercriminals everywhere: We will work tirelessly with our international partners to bring you to justice," said Bryan Vorndran, deputy director of the FBI's Cyber Division.
The arrest of the teenager is likely just one piece of a larger puzzle. Authorities believe there are more members of Scattered Spider operating worldwide and experts anticipate further arrests as the investigation continues.
About Scattered Spider
Scattered Spider also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is a ransomware group mostly made up of individuals aged 19 to 22. The group is believed to have started in 2022 but gained notoriety last year after successful attacks on Caesars Entertainment and MGM Resorts International, two of the largest casino and gambling companies in the US.
In a 2023 FBI advisory, law enforcement outlined the hacking collective's skills and tactics, which include social engineering, phishing, multi-factor authentication (MFA) bombing, and SIM swapping to breach corporate networks.
Over the past year, members of the group have taken the unusual approach of partnering with Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub.
