US authorities have filed federal charges against a suspected member of the Scattered Spider cybercrime group following his arrest in Finland, marking a significant step in ongoing efforts to dismantle one of the most active hacking collectives targeting major corporations.
The suspect, a 19-year-old dual US and Estonian citizen known online as “Bouquet,” was detained by Finnish law enforcement on April 10 at Helsinki Airport while attempting to board a flight to Japan.
According to court documents obtained by US prosecutors, the individual is facing multiple charges, including wire fraud, conspiracy, and computer intrusion. The case was initially filed under seal in late 2025 and later unsealed as part of the extradition process.
Authorities allege the suspect played a role in several high-profile cyberattacks attributed to the Scattered Spider group, a loosely organized hacking collective known for targeting large enterprises through social engineering and extortion campaigns.
Prosecutors claim the accused was involved in at least four separate breaches, some dating back to when he was 16 years old. These incidents reportedly resulted in millions of dollars in ransom payments from victim organizations.
The charges highlight the group’s broader operational model, which relies heavily on phishing, credential theft, and impersonation tactics to gain access to corporate systems. Once inside, attackers typically exfiltrate sensitive data and use it as leverage in extortion schemes.
The arrest in Finland is part of a wider international crackdown on Scattered Spider members, many of whom are believed to be young and geographically dispersed across the US and Europe. Law enforcement agencies have increasingly coordinated across borders to track and apprehend suspects linked to the group’s operations.
US officials are now seeking the suspect’s extradition to Chicago, where he is expected to face trial. The case remains ongoing, with investigators continuing to examine the full scope of his alleged involvement and any connections to additional attacks.