US-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks

Summary

Peter Stokes, a 19-year-old dual US-Estonian citizen, was arrested in Finland on April 10 while attempting to board a flight to Japan. Prosecutors allege he is a prolific member of Scattered Spider, a transnational cybercrime collective, and charged him with wire fraud, conspiracy, and computer intrusion for breaches of major retailers and companies causing millions in losses. This arrest marks the second extradition tied to Scattered Spider, following Tyler Robert Buchanan's guilty plea to $8 million in cryptocurrency theft.

Full text

Cyber Crime Data BreachesUS-Estonian Suspect Arrested Over Alleged Scattered Spider Cyberattacks US-Estonian suspect Peter Stokes arrested in Finland over alleged ties to Scattered Spider, facing US charges for cyberattacks, fraud, and data breaches. byWaqasApril 29, 20264 minute read Peter Stokes, a 19-year-old dual citizen of the US and Estonia, was arrested earlier this month in Finland while attempting to board a flight to Japan, and prosecutors allege he is a prolific member of the loosely connected international hacking collective known as Scattered Spider. According to a criminal complaint obtained by the Chicago Tribune, the arrest happened on April 10 as Stokes prepared to fly to Tokyo. However, authorities were building a federal case against him for months. Stokes was charged in a six-count complaint filed under seal in December with wire fraud, conspiracy, and computer intrusion, and authorities are now working to have him extradited to Chicago. Stokes’s extradition would be the second tied to a member of the Scattered Spider hacker group. Last week, Tyler Robert Buchanan, a 24-year-old British hacker, admitted to a multi-year US hacking scheme involving at least $8 million in crypto theft. Buchanan was arrested in Spain and extradited to the United States. The “Bouquet” Persona and A Teenager’s Flashy Double Life Authorities allege that Stokes used the alias “Bouquet” for his online activities. He lived a lavish, jet-set lifestyle, traveling from Dubai to Thailand to New York, staying in five-star hotels, and openly displaying cash and jewelry. He also mocked the FBI in posts and messages, posting memes depicting his crew as mafia bosses and photos of himself wearing a diamond-studded necklace that spelled out in giant letters “HACK THE PLANET.” According to the complaint cited by the Chicago Tribune, Stokes, the son of a prominent European businessman, displayed unusual wealth for his age in recent years. Investigators say he posted photos on Facebook and Snapchat showing trips across Europe and to Mexico, Thailand, and Dubai. Authorities also highlighted a meme they consider revealing. Stokes shared an image from the TV show The Sopranos, edited with the aliases of alleged Scattered Spider members over different characters. In the version included in the charges, his first name, “Peter,” is placed over Carmine Lupertazzi Sr., a fictional New York crime boss. Peter Stokes Mocking Federal Investigators Stokes and his alleged co-conspirators appeared to treat federal investigators more as a joke than a threat. The complaint says he and other Scattered Spider members exchanged memes and messages mocking law enforcement tracking them. In one example cited by investigators, a co-conspirator sent Stokes an image in 2024 showing repeated failed login attempts alongside the message “F— off, FBI.” The taunting continued as the investigation closed in. In a January 2025 exchange, Stokes sent a co-conspirator images of a police station in Estonia with the caption, “Feel like Raymond Reddington season 1 episode 1 rn,” a reference to Raymond Reddington from The Blacklist, played by James Spader, who turns himself in to the FBI while offering to help catch high-profile criminals. The Alleged Hacks The charges allege Stokes took part in at least four Scattered Spider intrusions, including one when he was 16, causing millions of dollars in losses. His earliest alleged attack followed a common social engineering tactic. In March 2023, just months after his 16th birthday, Stokes allegedly targeted an online communications platform identified as “Company H” by requesting a reset of an employee’s two-factor authentication. Investigators say encrypted chats show him coordinating with an accomplice as they accessed sensitive data, including employee identification information. A later incident revealed that in May 2025, Stokes allegedly helped breach a multibillion-dollar luxury retailer by calling the company’s IT help desk and posing as an employee to reset credentials. The attackers then accessed administrator accounts, claiming to have stolen 100GB of data, and demanded $8 million. The company refused to pay but still reported more than $2 million in losses from disruption and recovery. Who is Scattered Spider? Scattered Spider is a transnational cybercrime group that targets large companies and their IT help desks, steals sensitive data, and uses it for extortion. Also known as Octo Tempest, the group is largely made up of teenagers and young adults. It emerged in 2022 in the US and UK and has since spread across Europe and Australia. Its victims include major retailers, airlines, and gaming companies such as MGM Resorts. According to the Federal Bureau of Investigation, members rely on tactics like social engineering, phishing, MFA bombing, and SIM swapping rather than advanced malware. Arrests Stokes is the latest in a series of arrests linked to the group. Tyler Robert Buchanan, described as a senior member, pleaded guilty in California to hacking US companies and stealing at least $8 million in cryptocurrency. Earlier, Noah Michael Urban was sentenced to 10 years in prison after pleading guilty to fraud and conspiracy charges. UK authorities have also made arrests. In July 2024, police detained a 17-year-old suspect linked to the 2023 attack on MGM Resorts. Other breaches attributed to the group include Caesars Entertainment, Riot Games, Mailchimp, Twilio, DoorDash, and Reddit. Waqas I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cybersecurity and tech world. I am also into gaming, reading and investigative journalism. View Posts ChicagoCyber AttackCyber CrimeCybersecurityEstoniaPeter StokesScattered SpiderSocial EngineeringUSA Leave a Reply Cancel reply View Comments (0) Related Posts Read More Security Data Breaches Hacking News Ticketmaster Breach: ShinyHunters Leak 440K Taylor Swift Eras Tour Ticket Data The ShinyHunters hacker group claims the Ticketmaster breach is far bigger than previously anticipated, stealing 193 million barcodes,… byWaqas Cyber Crime Hacking News Scams and Fraud Security Man gets 25 years for hacking lottery computers and winning $2.2 million In April 2015, it was reported that Eddie Raymond Tipton, a lottery computer programmer from Texas was arrested for hacking… byWaqas Read More Cyber Crime NHS Psychiatrist Jailed; Dark Web Forum and 7,000 Images Seized Closure for victims? byDeeba Ahmed Cyber Crime Hackers jailed for hacking National Lottery & withdrawing £13 Welp, here's something shocking... NOT. byUzair Amir

Entities