UK law enforcement has arrested two teenagers, Thalha Jubair (19) and Owen Flowers (18), in connection with a cyber-attack on Transport for London (TfL) that occurred in August 2024. Both individuals are believed to be affiliated with the Scattered Spider hacking group.

Flowers had previously been arrested and released on bail over the TfL incident, and he now also faces accusations of cyber-attacks against healthcare organizations in the United States. Jubair has been charged in the UK for refusing to disclose passwords to encrypted devices. He was also charged in the US with a series of cybercrimes, including network intrusions, extortion, and money laundering, linked to attacks on at least 47 US entities between May 2022 and September 2025.

The attacks used social engineering techniques to breach into the target networks and then steal and encrypt information. The intruders then demanded ransom from victims in return for regaining control and preventing the leak of the stolen data.

The attacks caused major disruptions to US businesses, critical infrastructure, and even the federal court system in late 2024 and early 2025. Victims reportedly paid over $115 million.

In July 2024, authorities seized cryptocurrency wallets linked to suspect Jubair, recovering $36 million in digital assets. Jubair allegedly moved $8.4 million from one victim to another wallet and he is now faces multiple charges, including fraud and money laundering, with a potential sentence of up to 95 years in prison.

Meanwhile, a teenage boy suspected of participating in the 2023 cyber-attacks that disrupted major Las Vegas casino companies has surrendered to the US authorities. He faces six felony charges, including identity theft, extortion, and computer-related crimes. Prosecutors are seeking to try him as an adult.

The arrest is part of a broader FBI-led investigation into cyber-attacks on multiple Las Vegas casinos between August and October 2023, attributed to the Scattered Spider hacker group. One of the victims, MGM Resorts, reportedly refused to pay ransom and suffered $100 million in losses, while another victim company, Caesars Entertainment, allegedly paid half of a $30 million ransom demand and suffered a less severe impact.

Europolice halts €100 million cryptocurrency fraud across Europe

A major Europe-wide operation has dismantled a large-scale cryptocurrency investment fraud, resulting in the arrest of five suspects, including the main perpetrator. The scheme, active since at least 2018, defrauded over 100 victims across 23 countries, including Germany, France, Italy, and Spain, with estimated losses exceeding €100 million.

The main suspect ran sophisticated online platforms promising high returns on crypto investments. Victims were later asked to pay additional fees to recover their funds, after which the platforms disappeared, causing most to lose all their money. Funds were laundered through accounts, primarily in Lithuania.

In a coordinated effort, authorities conducted searches in Spain, Portugal, Italy, Romania, and Bulgaria, freezing bank accounts and other assets.

The operation involved multiple national authorities, including courts, prosecutors, and law enforcement agencies from Spain, Portugal, Italy, Lithuania, Romania, and Bulgaria.

The UK arrests a suspect in a major cyber-attack that disrupted European airports

The UK’s National Crime Agency (NCA) has arrested a suspect in connection with a ransomware attack that has caused widespread flight delays and cancellations across Europe.

The cyber-attack targeted the Multi-User System Environment (MUSE), a passenger processing software developed by Collins Aerospace, a subsidiary of RTX Corporation (formerly Raytheon Technologies). The MUSE system supports check-in, gate operations, and baggage handling for multiple airlines at major airports.

Affected airports include London Heathrow, Brussels Airport, Dublin and Cork in Ireland, and Berlin Brandenburg in Germany, among others. Airlines and airport authorities have reported cascading delays and system outages, with thousands of passengers facing disruptions.

The NCA confirmed that the arrest followed a joint investigation into the attack, which was first detected on Friday, September 19. While the investigation remains active, the suspect has been released on conditional bail.

$439 million seized in a global cybercrime crackdown

Authorities have seized more than $439 million in cash and cryptocurrency as part of Operation HAECHI VI. The coordinated operation, which ran from April to August 2025, involved law enforcement agencies from 40 countries across five continents. It targeted a broad range of digital fraud schemes, including investment scams, voice phishing, romance fraud, business email compromise, and sextortion, as well as money laundering linked to illegal online gambling.

More than 68,000 bank accounts linked to illicit activities were frozen, and 400 cryptocurrency wallets were seized. The operation also led to numerous high-profile arrests.

In particular, 45 suspects were detained in Portugal for allegedly accessing and altering social security accounts to siphon off funds intended for vulnerable families. Thai authorities confiscated $6.6 million from bank accounts controlled by a transnational criminal network made up of Thai and West African nationals. The funds were allegedly transferred by an unnamed Japanese corporation.

Operation HAECHI VI is the sixth major cybercrime bust in as many years. Last year, Operation HAECHI V led to the arrest of more than 5,500 individuals and the seizure of $400 million. A year earlier, HAECHI IV netted 3,500 arrests and $300 million in criminal proceeds.

Get a Demo

ImmuniWeb can help you to prevent data breaches and meet regulatory requirements.

Canada shuts down TradeOgre crypto exchange, seizes over $40M

The Royal Canadian Mounted Police (RCMP) has shut down the TradeOgre cryptocurrency exchange and seized more than $40 million in digital assets allegedly linked to criminal activities. The operation marks the first time a crypto exchange has been taken offline by Canadian law enforcement and represents the largest asset seizure in the nation’s history.

TradeOgre, a relatively small but widely used platform in privacy-focused crypto circles, was known for its lack of Know Your Customer (KYC) requirements and its focus on user anonymity.

According to the RCMP, TradeOgre was operating illegally in Canada by failing to register as a money services business with the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Authorities say the platform also failed to comply with basic anti-money laundering (AML) protocols, including the identification of clients.

In a separate action, the US authorities have seized 12 domain names linked to five illegal online platforms, including SIKTOR, PP24, CVVUNION, VCLUB, and BLACK’S STASH, that sold stolen credit and debit card data, along with victims’ personal information. The investigation uncovered over one million compromised cards, with the stolen data organized to enable buyers to search by financial institution, location, or even individual victim names.