Court Filing Reveals Windows Device ID Helped FBI Trace Alleged Scattered Spider Hacker

Summary

U.S. prosecutors have linked an alleged Scattered Spider hacker to a luxury jewelry retailer's breach using a persistent Windows device ID. Microsoft records connected this ID to the attackers' access account during the May 2025 intrusion and subsequently to online accounts believed to belong to 19-year-old Peter Stokes.

IFF Assessment

FOE

This article details a method used by threat actors to maintain access and evade detection during a cyberattack, which is bad news for defenders.

Defender Context

This case highlights how device identifiers can be crucial forensic evidence in tracing cybercriminals, even when other attribution methods are obscured. Defenders should be aware of how persistent identifiers can be exploited by attackers and ensure robust logging and monitoring are in place to track device activity.

Read Full Story →