Scattered Spider can arguably lay claim to being one of the most infamous global hacking groups of recent years. Especially in the western world. The financially motivated English-speaking collective has been behind a series of high profile cyberattacks, starting in late 2023.
Despite several recent arrests supposedly connected to the group and its mostly young and male core members, it remains highly active to this day. From the methodology behind its attacks, to the key events in its rise in notoriety, this is what you need to know about Scattered Spider.
Las Vegas Casino Giants Taken Down
Scattered Spider first came to global attention when they hacked into the systems of Las Vegas-based gambling and hospitality corporations MGM Resorts International and Caesars Entertainment. The group locked employees out of the companies’ operations and demanded a ransom to open back them up.
Luckily for you, you don’t have to risk your freedom by hacking a Las Vegas-based gambling giant to find the best online casinos that payout. With a great online casino reviewers and comparison experts available 24/7, it’s never been easier to find a trusted, well-run online casino that fits your gambling style. Plus, great bonuses and promos await too. Caesars Entertainment allegedly coughed up $30 million to end the attack, but MGM held firm. It ended up costing $100 million in lost revenue as the majority of its global systems remained offline for 10 days.
Complicating matters for MGM, the head of the Federal Trade Commission at that time – Lina Khan – was visiting MGM Grand Las Vegas for a cyber security convention on the first day of the attack. Khan’s opinion of the emergency data protection procedure at MGM was less than stellar. So much so that a month later she initiated a full investigation into the operator’s policies. However, when Khan was booted from the FTC by a returning President Trump, the investigation was quietly dropped.
UK Retailers M&S and Co-op Targeted Next
After targeting Las Vegas, Scattered Spider moved across the Atlantic to the UK. In early 2025 UK superstore retailers Marks & Spencer and Co-op became the next high profile targets. Customers of both stores saw shelves empty and online orders disrupted for weeks after the attack took the chain stores’ IT systems offline.
Since then Scattered Spider has been busy with various targets. The group tends to pick several targets at once from one industry before moving on. Just a few other companies from dozens that have been hacked, with the perpetrators suspected to be or linked with Scattered Spider, include:
- Luxury London department store Harrods
- British car maker Jaguar Land Rover (JLR)
- Australian airline Qantas
- US internet provider AT&T
- Ticketmaster
- Financial providers VISA, Neiman Marcus and Transamerica
- Luxury fashion labels Dior and Victoria’s Secret
Scattered Spider’s modus operandi is mostly based around social engineering and security flaw exploits. For example, they are known to create fake web portals that are close to domains used by big firms behind the scenes. If unaware users click the link and enter their login details, the hackers are in. Once in they use ransomware software designed by and purchased from other hacking groups, to lock off systems and demand payment.
Some Members Apprehended, Others Loose on the Web
Throughout all this time of their increasing notoriety and criminal spree, law enforcement has been on Scattered Spider’s trail. Although many of their attacks on commercial companies have been hard to pin onto any particular member or link to a person, some of the group’s proclivity for mischief and personal vendettas has now caught up with them.
As well as attacking companies, several key members of the hacking collective allegedly coordinated to steal cryptocurrency from high profile individuals in the cryptocurrency community, and even other hacking groups. In total $11 million in crypto was taken from various individuals’ online wallets between 2022 and 2023 court documents said.
It was primarily this activity that got them caught, and led to several arrests. In mid-2024, one of the group’s alleged leaders, a 23-year-old Scottish national named Tyler Buchanan, was detained by international police force Interpol at an airport in Spain. He reportedly had $27 million in bitcoin stored across various wallets in his possession at the time of his arrest. In April 2025, he was extradited to the US to face charges in California. He could face up to 47 years behind bars for his proven involvement in various cryptocurrency and hacking scams.
Another reported key member of the loosely-organized and impulsive group is a 20-year-old from Florida named Noah Urban. He was arrested in early 2024 at his Florida residence and was this year sentenced to 10 years in prison, for his role in the $11 million cryptocurrency thefts. Despite the recent arrest of another four members, investigators believe the group is forming more international alliances to extend its web. In September 2025, Jaguar Land Rover became the most recent victim with disruption ongoing. So, that is the story so far, of Scattered Spider. Very condensed of course, but most of the key information you need to know.
