Crime & Scandals
UK Jails Alleged Scattered Spider Leader Linked to MGM Resorts and Caesars Cyberattacks
Posted on: July 16, 2026, 03:05h.
Last updated on: July 16, 2026, 03:05h.
A British man described by US prosecutors as a central figure in Scattered Spider, the hacking group linked to the 2023 cyberattacks on MGM Resorts and Caesars Entertainment, has been imprisoned by a UK court.

On Thursday (July 16), British national Thalha Jubair, 20, and his co-defendant, Owen Flowers, were each sentenced to five years and six months for the 2024 hack of Transport for London (TfL), the public body that operates the city’s Tube and bus systems.
The attack disrupted TfL’s online services for months and exposed the personal data of millions of customers.
Jubair is also wanted by US prosecutors in New Jersey on charges including computer fraud, wire fraud, and money laundering for hacks involving 47 US entities, including MGM and Caesars.
US authorities have not publicly announced an extradition request, although prosecutors could seek his transfer while he serves his British sentence or closer to his eventual release.
MGM’s $100 Million Hit
The MGM attack that began on September 10, 2023, disrupted the casino giant’s operations for several days, causing an estimated $100 million in damage after the operator refused to pay a ransom demand.
Scattered Spider had launched a similar cyberattack on Caesars a month earlier, although it was not reported until later. In that case, the operator agreed to pay around $15 million of an initial $30 million ransom demand after customer data was stolen, according to sources cited by The Wall Street Journal at the time.
“Scattered Spider” is a name coined by the cybersecurity community, not the hackers themselves. The individuals who attacked MGM and Caesars referred to themselves collectively as “Star Fraud” and were part of a larger, loose group of hackers called “the Com.”
US prosecutors allege that while still only in his teens, Jubair controlled servers used by the group, received portions of ransom payments through cryptocurrency wallets under his control, and laundered millions of dollars in criminal proceeds.
He allegedly negotiated ransomware payments directly with victims. One involved a $25 million cryptocurrency payment from a single unnamed company. Prosecutors say more than $115 million in ransomware payments were linked to him and his associates.
Prosecutors allege Jubair continued committing cybercrimes even after his arrest, including hacking the online accounts of a US federal magistrate judge overseeing proceedings against alleged co-conspirator Noah Urban in an apparent attempt to gather intelligence on the case.
Unimposing Figure
In court in London, Jubair cut a figure far removed from the international cybercriminal portrayed in US court filings, according to local reporting.
Slight, bespectacled and softly spoken, the 20-year-old was described as a loner with few friends who still lived with his parents in a 22-story public housing tower in one of east London’s poorest neighborhoods, despite prosecutors alleging he had access to tens of millions of dollars in stolen and extorted cryptocurrency.
Conversation (0)
Be the first to comment on this article.