The Scattered Spider group conducted a high-profile cyberattack in August 2024 that crippled Transport for London's computer systems. Key members Owen Flowers and Thalha Jubair pleaded guilty to conspiracy to commit unauthorized computer access and causing risk of serious harm. The group engaged in widespread criminal activity including ransomware attacks, SIM swapping via a Telegram channel to intercept multi-factor authentication codes, and mass SMS phishing campaigns that compromised hundreds of organizations. Their operations spanned the UK and US, involving at least 120 intrusions and extorting over $115 million in ransom payments. Multiple members have been arrested and prosecuted in both countries.

The attack caused significant disruption to Transport for London's public transport network, risking serious damage to human welfare. The group’s activities led to operational outages, data theft, and financial losses exceeding $115 million in ransom payments. The SIM swapping and phishing campaigns compromised credentials and multi-factor authentication, enabling unauthorized access to numerous organizations including healthcare providers and retailers. The widespread nature of the attacks affected hundreds of entities across the UK and US.

The threat actors have pleaded guilty and are subject to legal prosecution, which disrupts their operations. No specific patch or technical remediation is applicable as this is a criminal campaign rather than a software vulnerability. Organizations should continue to strengthen defenses against SIM swapping and phishing attacks, including securing multi-factor authentication methods. Monitor official advisories for further guidance. Patch status is not applicable for this threat.