Two British men pleaded guilty on the opening day of what had been scheduled as a six-week trial in the United Kingdom, admitting to criminal charges tied to a major cyberattack against Transport for London (TfL) in August 2024. The defendants, Thalha Jubair, 20, of East London, and Owen Flowers, 18, of Walsall, are identified by prosecutors and investigators as key members of the loosely organized cybercrime collective known as Scattered Spider.

Both men admitted to conspiring to commit unauthorized acts against TfL computer systems and to causing risk of serious damage to human welfare. Flowers additionally admitted involvement in a conspiracy to compromise the systems of U.S.-based healthcare providers SSM Health Care Corporation and Sutter Health in September 2024.

Scope of the Alleged Conspiracy

A New Jersey indictment unsealed in September 2025 alleges Jubair and other Scattered Spider members carried out computer fraud, wire fraud, and money laundering across 120 network intrusions targeting 47 U.S. entities between May 2022 and September 2025. Victims reportedly paid at least $115 million in ransom payments during that period. Jubair is also separately wanted by U.S. law enforcement agencies.

Prosecutors allege Jubair co-administered a Telegram channel called Star Chat, a hub for SIM-swapping operations. The group used voice- and SMS-based phishing to steal credentials from employees at major wireless carriers, then sold a service capable of redirecting targets’ phone numbers to attacker-controlled devices, enabling interception of calls, text messages, and multi-factor authentication codes. U.S. prosecutors list “Rocket Ace” as one of Jubair’s known handles, and earlier reporting identified him operating under the alias “Everlynn” as a teenager, selling fraudulent emergency data requests using compromised law enforcement email accounts.

Connections to High-Profile Attacks

Multiple sources familiar with the investigations indicated Flowers was the Scattered Spider member who gave anonymous media interviews following the group’s September 2023 ransomware attacks on Las Vegas casinos operated by MGM Resorts and Caesars Entertainment. Both men were arrested in July 2025 in connection with ransomware attacks against UK retailers Marks and Spencer, Harrods, and Co-op Group.

New Jersey prosecutors also allege Jubair participated in a mass SMS phishing campaign during the summer of 2022 that harvested single sign-on credentials from employees at hundreds of companies, leading to intrusions at more than 130 organizations including LastPass, DoorDash, Mailchimp, Plex, and Signal.

Related Prosecutions

Scattered Spider prosecutions are advancing on multiple fronts. In April 2026, British national Tyler Buchanan, 24, pleaded guilty to wire fraud conspiracy and aggravated identity theft for his role in the 2022 SMS phishing campaign. Buchanan is scheduled to be sentenced on October 2. In August 2025, Florida-based member Noah Michael Urban, 20, was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution following his guilty plea on wire fraud and conspiracy charges.

Three additional defendants indicted alongside Buchanan still face pending charges: Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans.

Flowers and Jubair are scheduled to be sentenced at a London court on July 15, 2026.