Peter Stokes, a 19-year-old dual US-Estonian citizen, was extradited from Finland to face charges related to participation in Scattered Spider hacking operations. The Department of Justice confirmed the extradition this week.
Stokes was brought to Chicago to face criminal charges for his alleged involvement with Scattered Spider, a hacking collective known for targeting high-profile organizations.
Background on Scattered Spider
Scattered Spider has been linked to significant cyberattacks against major corporations and infrastructure targets. The group employs social engineering and technical exploits to breach systems and exfiltrate data.
Extradition Details
The extradition from Finland marks another step in US law enforcement's efforts to pursue members of the hacking group. International cooperation between Finnish authorities and the DOJ facilitated Stokes' transfer to face US courts.
Significance
The case underscores how cybercriminal organizations operate across borders and how international extradition procedures are being used to hold members accountable. Stokes' dual citizenship—US and Estonian—does not shield him from US prosecution.
As more members of Scattered Spider face legal consequences, the extradition highlights the expanding reach of federal cybercrime investigations. The case may also reveal connections between members operating in different countries and their specific roles within the collective's operations.
Stokes joins other alleged Scattered Spider members who have faced criminal charges in recent years as authorities continue dismantling the organization.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.