Skip to content

Windows GUID Leads to Arrest of Scattered Spider Attacker

At a Glance: The GUID assigned in the Windows system enabled the digital connection of Stokes to his cyberattacks and was instrumental in his conviction.

A member of the hacker group Scattered Spider was identified and convicted through the unique Windows system identifier GUID (Global Unique Identifier). Peter Stokes was initially arrested in Finland and then extradited to the United States.

Peter Stokes, alleged member of the cybercrime gang Scattered Spider, was arrested and extradited to the United States. According to court documents, the Windows GUID — the unique identification number assigned to each Windows system during installation — played a central role in uncovering his activities.

For CISOs, this case underscores the digital traceability of system configurations: the GUID is a persistent indicator that uniquely identifies systems over extended periods. In forensic investigations or attribution of cyberattacks, such system characteristics can expose attackers over the medium to long term if the perpetrators do not actively remove traces or obscure their systems.

Scattered Spider is known for extensive social engineering campaigns, credential theft, and access to critical infrastructure. The arrest of an alleged member demonstrates that even attackers who present themselves as technically sophisticated can be identified through classical digital forensics and identification features. Organizations should view this as evidence that persistence in investigation, combined with international cooperation among law enforcement agencies, can be effective even against established hacker groups.


Source: borncity.com · Published 6 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.

Share on: