Law enforcement authorities in Finland recently apprehended a 19-year-old individual with dual citizenship in the United States and Estonia, who is now facing federal charges related to his alleged involvement with the infamous Scattered Spider hacking group.
Court documents, temporarily unsealed and disclosed by the Chicago Tribune, reveal that the suspect, known online as “Bouquet,” played a significant role in extorting substantial sums of money from numerous major corporations across the globe.
The individual believed to be a member of Scattered Spider was reportedly arrested at Helsinki’s airport on April 10 by Finnish law enforcement officers as he was about to board a flight to Japan. The charges against him include wire fraud, conspiracy, and computer intrusion.
An indictment filed under seal in December accuses Bouquet of participating in at least four separate cyberattacks orchestrated by Scattered Spider. One of the breaches, occurring in March 2023 when the suspect was only 16 years old, targeted an online communication platform and resulted in significant ransom payments from the victimized companies.
Among the breached entities aided by Bouquet was an unnamed luxury retailer in May 2025, where the hackers managed to access administrator accounts by posing as employees and resetting authentication credentials. Despite the company’s refusal to pay the $8 million ransom demand, it incurred over $2 million in remediation costs.
Efforts to obtain further information from the Department of Justice and the Office of the Attorney General are currently pending response, as reported by BleepingComputer.
Scattered Spider, also known by various aliases such as 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra, emerged as a financially motivated cybercrime collective in 2022. Comprised mainly of young individuals from the United States and Great Britain, the group has been implicated in a series of high-profile breaches targeting prominent companies.
The FBI attributes Scattered Spider’s success to its utilization of social engineering tactics, multi-factor authentication bombing, and SMS phishing attacks. By obtaining sensitive information through network breaches, the group aims to extort money from their victims.
Notable victims of Scattered Spider include Caesars, MGM Resorts, Riot Games, MailChimp, Twilio, DoorDash, Reddit, Allianz Life, as well as UK retailers Co-op, Marks & Spencer, and Harrods. Recent additions to their list of targets include WestJet and Jaguar Land Rover.
In a recent development, Tyler Robert Buchanan, a 24-year-old believed to be a key figure within Scattered Spider, pleaded guilty in the U.S. to charges of wire fraud and aggravated identity theft.
An artificial intelligence exploit chaining together four zero-days bypassed both renderer and operating system sandboxes, heralding a new wave of vulnerabilities. Learn about autonomous validation at the upcoming Summit on May 12 & 14, where advanced validation techniques uncover exploitable areas, verify control effectiveness, and facilitate remediation.
Claim Your Spot
EU Takes Action Against Instagram and Facebook for Violating Illegal Content Rules
Warning: Facebook Creators Face Monetization Loss for Stealing and Reposting Videos
Facebook’s New Look: A Blend of Instagram’s Style
Facebook Compliance: ICE-tracking Page Removed After US Government Intervention
Facebook and Instagram to Reduce Personalized Ads for European Users
InstaDub: Meta’s AI Translation Tool for Instagram Videos
Reclaim Your Account: Facebook and Instagram Launch New Hub for Account Recovery
Meta discontinues Messenger apps for Windows and macOS
Subscribe to our weekly newsletter below and never miss the latest News or an exclusive offer.
