×

Suspected member of “Scattered Spider” hacking group extradited to US from Finland, DOJ says

By Thomson Reuters Jul 1, 2026 | 1:44 PM

July 1 (Reuters) – A 19-year-old man accused of being a member of the criminal hacking group “Scattered Spider” was extradited to the United States from Finland to face federal conspiracy ​charges in Illinois, the Justice Department said on Wednesday.

Peter Stokes, ‌a dual citizen of the United States and Estonia, faces conspiracy, computer intrusion and fraud charges, according to a criminal complaint unsealed Tuesday. Stokes was arrested by Finnish authorities in April after the issuance of an Interpol Red Notice ‌and ​extradited to the United States last week, ⁠the department said. He made ⁠an initial appearance on Tuesday in federal court in Chicago and was ordered to remain in custody, it said.

The hacking group has been involved in more than 100 network intrusions, resulting in more ​than $100 million in ransom payments and millions more in damages to the victims, Assistant Attorney General A. Tysen Duva said in ⁠the Justice Department statement.

“Scattered Spider has repeatedly ⁠targeted U.S. companies, extorting employees, inflicting millions of ​dollars in losses, and disrupting essential operations,” said Assistant Director Brett Leatherman ​of the FBI’s Cyber Division.

U.S. prosecutors announced criminal charges in ‌2024 against other alleged members of Scattered Spider, a loose-knit community of hackers suspected of breaking into dozens of U.S. companies to steal confidential information and cryptocurrency. The group has been blamed for unusually aggressive ⁠cybercrime sprees, targeting major multinational companies as well as individual cryptocurrency investors.

Scattered Spider drew notoriety in September 2023 when members broke into and locked ⁠up the networks ‌of casino operators Caesars Entertainment and MGM Resorts ⁠International and demanded hefty ransoms. Caesars paid about $15 million ​to ‌restore its network. U.S. prosecutors have alleged that ​Buchanan and ⁠the other defendants conducted phishing attacks by sending bogus but real-looking mass text messages to employees’ mobile phones warning that their accounts would be deactivated unless they clicked on a link that would surreptitiously grant system access to the hackers.

(Reporting by Daphne Psaledakis and Christian Martinez; Editing ​by Chizu Nomiyama )