U.S.

Finnish extradition sends alleged Scattered Spider hacker to U.S. court

An alleged Scattered Spider hacker was extradited from Finland to Chicago and ordered held in custody. Prosecutors say the group has fueled 100-plus intrusions and over $100 million in ransom.

Sarah Chen··2 min read
Published
Listen to this article0:00 min
Finnish extradition sends alleged Scattered Spider hacker to U.S. court
Source: US News & World Report

A 19-year-old accused of belonging to Scattered Spider has been extradited from Finland to the United States and is facing federal conspiracy charges in Illinois. Peter Stokes, a dual citizen of the United States and Estonia, made his initial appearance in federal court in Chicago on Tuesday and was ordered to remain in custody.

Federal authorities said Finnish police arrested Stokes in April under an Interpol Red Notice and extradited him last week. Court reporting around the case said he was detained in Helsinki while trying to board a flight to Japan. The arrest puts one of the group’s alleged operators into U.S. custody, a notable step in a case built around hackers who have been able to move across borders, identities and platforms while attacking victims from casinos to corporate networks.

The Justice Department has said Scattered Spider has been tied to more than 100 network intrusions and more than $100 million in ransom payments, along with millions more in damages. Prosecutors also charged other alleged members of the group in 2024, underscoring that the case against Stokes is part of a longer campaign to disrupt the network rather than a one-off arrest.

AI-generated illustration
AI-generated illustration

Scattered Spider is described as a loose-knit community of hackers based mainly in North America and Europe that emerged from The Com, a wider online ecosystem of mostly young, male, internet-savvy criminals known for extortion, sadism and violence. The group drew broad attention in 2023 after intrusions at Caesars Entertainment and MGM Resorts International. Caesars later disclosed a $15 million ransom payment, while MGM said the attack caused more than $100 million in losses and major operational disruption.

The FBI and the Cybersecurity and Infrastructure Security Agency said in a July 29, 2025 advisory that Scattered Spider targets large companies and their contracted IT help desks. Investigators said the group has used social engineering to gain access, then relied on legitimate remote-access and tunneling tools once inside. The same advisory said the hackers had recently deployed DragonForce ransomware, showing that the group has adapted as law enforcement and security teams have hardened defenses.

Related photo
Source: U.S. District Court records

The Stokes case also lands alongside another major federal move against the network. In September 2025, prosecutors charged Thalha Jubair in connection with at least 120 computer network intrusions and extortion targeting 47 U.S. entities. That broader record suggests the fight against Scattered Spider has become a test of whether U.S. law enforcement can keep pace with decentralized cybercrime crews that recruit quickly, move internationally and rely on identity theft and social engineering as much as code.

This article was produced by Prism’s automated news system from verified source data, official records, and press releases, then run through automated quality and moderation checks before publishing. The system is built and supervised by the people who set the standards it runs under. Read our full AI policy.

Did this article answer your question?

Discussion

More in U.S.