A 19-year-old dual United States and Estonian citizen arrested in Finland on April 10 is now the subject of a U.S. federal criminal complaint that, according to temporarily unsealed court records obtained by the Chicago Tribune, accuses him of playing a prolific role in the Scattered Spider hacking collective.
Arrest at Helsinki airport and the sealed complaint
Finnish authorities arrested the suspect while he was attempting to board a flight to Japan at Helsinki’s airport, the reporting says. The individual—who used the online alias "Bouquet"—is facing charges in the United States that include wire fraud, conspiracy, and computer intrusion. Those allegations appear in a six-count complaint that was filed under seal in December and has since been temporarily unsealed, according to the Chicago Tribune's reporting of court records.
Allegations of multiple breaches, including one from 2023
Prosecutors say Bouquet was involved in at least four Scattered Spider breaches, including a March 2023 hack of an online communication platform that the complaint alleges occurred when he was 16. The complaint characterizes the accused as helping to extort millions of dollars from multiple large corporations worldwide, a central claim in the charges now reported.
The May 2025 "luxury item retailer" intrusion
The complaint, as described in reporting, singles out a May 2025 intrusion of an unnamed multibillion-dollar "luxury item retailer." Prosecutors allege the attackers phoned the retailer’s IT helpdesk, impersonating employees to obtain resets of authentication credentials, then used those resets to access administrator accounts. The group sent a ransom demand claiming to possess 100 gigabytes of stolen data and ultimately sought $8 million. The company refused to pay, but the incident still produced more than $2 million in disruption and remediation costs, according to the complaint.
Scattered Spider’s tradecraft and known victims
The collective tracked as Scattered Spider (also identified by several other names including 0ktapus, Scatter Swine, Octo Tempest, Starfraud, UNC3944, and Muddled Libra) surfaced in 2022. The source describes it as a loosely knit, financially motivated group composed largely of teenagers and young adults from the United States and Great Britain. The FBI, as reported, says the group is known for a blend of social engineering, targeted multi-factor authentication (MFA) bombing—also called MFA fatigue—and SMS credential phishing to steal credentials and sensitive documents that are then used for extortion.
- Reported victims named in the record include Caesars, MGM Resorts, Riot Games, MailChimp, Twilio, DoorDash, Reddit, and Allianz Life.
- UK retail victims cited include Co-op, Marks & Spencer (M&S), and Harrods.
- More recent victims listed in reporting include WestJet and Jaguar Land Rover (JLR).
What this means for technologists, affected enterprises, and law enforcement
Technologists and security teams will note the emphasis on social-engineering routes—phone-based helpdesk impersonation and MFA bombing—that prosecutors allege were used to obtain administrator access, underscoring the need to harden out-of-band recovery and identity workflows.
Affected enterprises and procurement leaders will see a stark cost calculus: an $8 million ransom demand in one case and more than $2 million in remediation despite the company’s refusal to pay. Those figures, as laid out in the complaint, highlight the downstream financial impact even when a ransom is not paid.
Law enforcement and prosecutors are already moving in parallel: the temporary unsealing of court records and an arrest abroad are paired with domestic prosecutions. Earlier this month a separate actor tied to the same collective—24-year-old Tyler Robert Buchanan—pleaded guilty in the United States to wire fraud and aggravated identity theft, a development the reporting ties into a broader push to hold Scattered Spider members to account. BleepingComputer said it reached out to the Department of Justice and the Office of the Attorney General for further comment; a response was not immediately available.
The publicly reported allegations leave a clear record: U.S. prosecutors have lodged a multi-count criminal complaint that traces active, high-dollar extortion campaigns to individuals described as members of Scattered Spider, and law enforcement activity is now international in scope. Readers should expect additional developments as court proceedings and any responses from the Department of Justice or the Office of the Attorney General become public.
