UK Couple Pleads Guilty to Transport for London Cyberattack, Ties to Global Ransom Attacks

by Anika Shah - Technology
0 comments

Two British Men Plead Guilty to Cyberattacks on Transport for London

Two British men have pleaded guilty to charges related to a major cyberattack on Transport for London (TfL) in September 2024, an incident that disrupted public transit services across the capital. According to the UK National Crime Agency (NCA), 20-year-old Thalha Jubair of East London and 18-year-old Owen Flowers of Walsall admitted to unauthorized access to computer systems and endangering human welfare. The pair, identified as members of the prolific cybercrime collective known as Scattered Spider, entered their pleas at the start of proceedings in a London court.

How the Scattered Spider Group Operates

How the Scattered Spider Group Operates

Scattered Spider, also referred to by researchers as UNC3944, distinguishes itself from traditional ransomware gangs by specializing in social engineering and identity theft. According to the Cybersecurity and Infrastructure Security Agency (CISA), the group frequently uses SMS phishing and “SIM-swapping”—a technique where attackers trick wireless carriers into transferring a victim’s phone number to a device controlled by the hackers.

Once they gain access to a corporate network, the group often bypasses multi-factor authentication (MFA) to steal sensitive data or deploy ransomware. The group is linked to a series of high-profile intrusions, including the 2023 disruption of operations at MGM Resorts and Caesars Entertainment in Las Vegas.

Scope of the Criminal Charges

Cheers erupted as #AliAbulaban was given the #guilty verdict for double murder #CourtTV

The legal fallout from the group’s activities extends well beyond the United Kingdom. In September 2025, U.S. federal prosecutors in New Jersey unsealed an indictment alleging that Jubair and other associates were involved in a multi-year campaign targeting 47 U.S. entities. The Department of Justice alleges these intrusions resulted in at least $115 million in ransom payments between May 2022 and September 2025.

Beyond the TfL attack, court documents indicate that Flowers admitted to participating in a conspiracy to hack into U.S.-based healthcare providers, specifically SSM Health Care Corporation and Sutter Health. These charges highlight the group’s shift toward high-stakes targets, including essential infrastructure and healthcare systems, which significantly increases the severity of the potential criminal penalties under the UK’s Computer Misuse Act.

Comparison of Sentencing and Prosecution Outcomes

Comparison of Sentencing and Prosecution Outcomes

Law enforcement agencies in both the U.S. and the U.K. have accelerated efforts to dismantle the Scattered Spider network. The following table illustrates the recent legal outcomes for key members of the group:

Individual Status Key Charges/Outcome
Noah Michael Urban Sentenced (August 2025) 10 years federal prison, $13 million restitution.
Tyler Buchanan Guilty Plea (April 2026) Wire fraud conspiracy and aggravated identity theft.
Owen Flowers Guilty Plea (2026) Unauthorized access to TfL and U.S. healthcare systems.
Thalha Jubair Guilty Plea (2026) Unauthorized access to TfL; pending U.S. charges.

What Happens Next for the Defendants

While Flowers and Jubair have admitted their roles in the TfL and healthcare attacks, they remain subject to further legal processes. According to current court scheduling, both men are slated for sentencing in a London court on July 15, 2026.

The U.S. Department of Justice continues to pursue other alleged members of the group. Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, and Joel Martin Evans remain under indictment in the United States. As law enforcement agencies continue to track the digital footprints of these actors, the case serves as a precedent for the increasing international cooperation required to prosecute decentralized cybercrime syndicates that operate across borders.

Related Posts

Leave a Comment