Federal prosecutors charged a 19-year-old dual U.S.-Estonian citizen with wire fraud, conspiracy, and computer intrusion, alleging he’s a prolific member of Scattered Spider, the cybercrime collective that has breached Caesars, MGM Resorts, and a multibillion-dollar luxury retailer.
The suspect, known online as “Bouquet,” was arrested by Finnish law enforcement at Helsinki’s airport on April 10 while trying to board a flight to Japan. Prosecutors filed a six-count complaint under seal in December; temporarily unsealed court records were obtained by the Chicago Tribune.
The complaint covers at least four Scattered Spider breaches, including a March 2023 intrusion of an online communication platform committed when Bouquet was 16. His most recent alleged role: a May 2025 attack on an unnamed multibillion-dollar luxury item retailer. According to prosecutors, hackers called the company’s IT helpdesk posing as employees to reset authentication credentials, then escalated to administrator accounts. They claimed 100 gigabytes of stolen data and demanded $8 million. The company didn’t pay; it still absorbed more than $2 million in disruption and remediation costs.
Scattered Spider has been active since 2022, composed largely of teenagers and young adults from the U.S. and Great Britain, using social engineering, MFA fatigue attacks, and SMS phishing. Earlier this month, 24-year-old Tyler Robert Buchanan, believed to be one of the group’s leaders, pleaded guilty to wire fraud and aggravated identity theft.
No extradition timeline has been made public.
— James Okafor