Chicago: US authorities have arrested and charged a teenager accused of being part of the cybercriminal group Scattered Spider, which has been linked to several high-profile cyberattacks, including incidents targeting Marks & Spencer (M&S) and Transport for London (TfL).
The Federal Bureau of Investigation (FBI) and the US Department of Justice announced that Peter Stokes, a 19-year-old dual citizen of the United States and Estonia, was extradited from Finland to the US to face charges of conspiracy, cyber intrusion, and fraud.
Stokes was arrested in Finland in April after an Interpol Red Notice was issued, requesting international law enforcement agencies to locate and provisionally detain him. He was extradited to the United States last week and appeared before a federal court in Chicago, where a judge ordered that he remain in custody while the case proceeds.
According to prosecutors, Stokes and his alleged co-conspirators infiltrated the computer systems of a luxury jewellery retailer in May 2025. The group is accused of stealing sensitive company data before demanding approximately $8 million (around £6 million) in cryptocurrency as ransom.

The retailer refused to pay the ransom after its cybersecurity team successfully removed the attackers from its systems. However, the company is believed to have suffered losses of about $2 million (around £1.5 million) due to operational disruption caused by the breach.
Andrew S. Boutros, US Attorney for the Northern District of Illinois, stated that the case demonstrates the government’s determination to pursue technologically sophisticated cybercriminals, including those operating across international borders, and hold them accountable for attacks on American businesses and victims.
Who is Scattered Spider?
Scattered Spider, also known by aliases including Octo Tempest, UNC3944, and 0ktapus, is a cybercriminal group believed to be responsible for more than 100 network intrusions worldwide.
Authorities estimate that the group’s activities have generated over $100 million (approximately £75 million) in ransom payments while causing millions of dollars in additional financial damage to victims.
Investigators believe some members of the hacking collective are as young as 16 years old and that they coordinate through online hacker forums to plan and execute cyberattacks.

