- Wednesday, July 1, 2026

A Justice Department criminal complaint unsealed Tuesday charges Peter Stokes, 19, a dual U.S.-Estonian citizen, with conspiracy, computer intrusion and fraud for his alleged membership in Scattered Spider, a prolific cybercriminal hacking group.

Stokes was arrested by Finnish authorities in April under an Interpol Red Notice and extradited to the United States last week, according to the complaint. He made an initial court appearance Tuesday in Chicago federal court, where he was ordered to remain in law enforcement custody.

Assistant Attorney General A. Tysen Duva of the Justice Department’s Criminal Division said the charges allege Stokes was a member of Scattered Spider, a group tied to more than 100 network intrusions that have resulted in more than $100 million in ransom payments and additional millions in damages to victims. Duva credited the case to years of work by the Criminal Division, the U.S. Attorney’s Office for the Northern District of Illinois and the FBI.



U.S. Attorney Andrew S. Boutros for the Northern District of Illinois said the group’s attacks caused widespread disruption to American businesses and organizations and underscored the government’s commitment to keeping pace with technologically sophisticated cybercriminals, including those operating from foreign jurisdictions. FBI Cyber Division Assistant Director Brett Leatherman said Scattered Spider has repeatedly targeted U.S. companies, extorted employees, inflicted millions of dollars in losses and disrupted essential operations, adding that strong domestic and international partnerships remain key to holding such actors accountable.

According to the complaint, Scattered Spider — also known by aliases including “Octo Tempest,” “UNC3944” and “0ktapus” — has targeted U.S. corporate victims by fraudulently gaining access to employee accounts, then encrypting or exfiltrating company data before demanding cryptocurrency ransoms. Prosecutors allege Stokes and unnamed co-conspirators breached a luxury jewelry retailer’s computer systems, stole data and demanded approximately $8 million in cryptocurrency in May 2025. The retailer’s security team expelled the hackers before any ransom was paid, though the company still incurred at least $2 million in losses from business disruption, investigation and mitigation efforts, the complaint states.

The FBI’s Chicago Field Office led the investigation, with assistance from the bureau’s Copenhagen Law Enforcement Attaché Office. Assistant Deputy Chief Adrienne L. Rose of the Criminal Division’s Computer Crime and Intellectual Property Section, along with Assistant U.S. Attorneys Jennifer Chang and Ann Marie Ursini, are prosecuting the case. The Justice Department’s Office of International Affairs coordinated with Finnish authorities on the extradition, with assistance from Finland’s National Bureau of Investigation.

The case is part of Operation Riptide, an ongoing FBI campaign targeting the criminal actors, infrastructure and financial networks behind cybercrime, cyber-enabled crime and fraud. The Justice Department said Americans reported more than $20 billion in losses to cybercrime last year, a 26% single-year increase.

A complaint is merely an allegation, and all defendants are presumed innocent until proven guilty in a court of law.

Advertisement
Advertisement

This article was constructed with the assistance of artificial intelligence and published by a member of The Washington Times' AI News Desk team. The contents of this report are based solely on The Washington Times' original reporting, wire services, and/or other sources cited within the report. For more information, please read our AI policy or contact Steve Fink, Director of Artificial Intelligence, at sfink@washingtontimes.com

The Washington Times AI Ethics Newsroom Committee can be reached at aispotlight@washingtontimes.com.

Copyright © 2026 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.