A 19-year-old dual U.S.-Estonian citizen using the alias “Bouquet” was arrested in Finland and faces U.S. federal charges including wire fraud, conspiracy, and computer intrusion for alleged involvement in Scattered Spider extortion campaigns. Prosecutors say he participated in multiple breaches—including a March 2023 hack when he was 16 and a May 2025 compromise of a multibillion-dollar luxury retailer that led to an $8 million ransom demand and more than $2 million in remediation costs. #ScatteredSpider #Bouquet
Keypoints
- The suspect, known online as “Bouquet,” was arrested at Helsinki airport on April 10 while trying to fly to Japan and now faces U.S. federal charges.
- Prosecutors allege his role in at least four Scattered Spider breaches, including a March 2023 incident committed when he was 16.
- Victims reportedly paid or faced demands totaling millions, with one luxury retailer receiving an $8 million ransom demand and incurring over $2 million in losses despite not paying.
- Scattered Spider is known for social engineering, MFA bombing (MFA fatigue), and SMS credential phishing to steal credentials and extort organizations.
- The group has targeted high-profile companies such as Caesars, MGM Resorts, Twilio, Reddit, MailChimp, and Harrods, and a suspected leader recently pleaded guilty in the U.S.