In a significant development in the fight against cybercrime, 20-year-old Noah Michael Urban, a member of the notorious cybercriminal group Scattered Spider, has been sentenced to a decade in federal prison in the United States. This sentencing follows his involvement in a series of high-profile hacks and cryptocurrency thefts.
Urban, who operated under various aliases including Sosa, Elijah, King Bob, Gustavo Fring, and Anthony Ramirez, pleaded guilty in April 2025 to charges of wire fraud and aggravated identity theft. His criminal activities, spanning from August 2022 to March 2023, resulted in the theft of at least $800,000 from five victims. In addition to his prison term, Urban has been sentenced to three years of supervised release and is mandated to pay $13 million in restitution to his victims. Expressing his dissatisfaction with the verdict, Urban described the sentence as unjust in a statement shared with security journalist Brian Krebs.
The U.S. Department of Justice (DoJ) detailed that Urban and his accomplices employed SIM swapping techniques to gain unauthorized access to victims’ cryptocurrency accounts, subsequently draining their digital assets. SIM swapping involves fraudulently transferring a victim’s phone number to a SIM card controlled by the attacker, thereby intercepting calls and messages, including those used for two-factor authentication.
In November 2024, the DoJ unsealed charges against Urban and four other Scattered Spider members. The indictment revealed that the group utilized social engineering tactics to infiltrate corporate networks across the U.S., leading to the theft of proprietary data and siphoning of millions in cryptocurrency. One of the indicted individuals, Tyler Robert Buchanan, was extradited from Spain to the U.S. in April 2025 following his arrest in June 2024.
Scattered Spider, also known as UNC3944, has a history of employing sophisticated social engineering methods, including phishing, vishing (voice phishing), smishing (SMS phishing), and multi-factor authentication (MFA) fatigue attacks. These techniques exploit human vulnerabilities to bypass advanced technical defenses. The group has been linked to various cybercriminal activities, such as credential theft, ransomware deployment, data exfiltration, and extortion.
In recent developments, Scattered Spider has reportedly allied with other cybercriminal groups like ShinyHunters and LAPSUS$, forming a more formidable cybercrime consortium. This collaboration has enhanced their access to tools, data, and infrastructure, amplifying their operational effectiveness. Adam Darrah, Vice President of Intelligence at ZeroFox, noted that such alliances often emerge in response to increased law enforcement pressure, resulting in more versatile and potentially dangerous operations.
Cybersecurity firm Flashpoint highlighted that Scattered Spider adopts a wave-like approach, targeting specific sectors and attacking multiple organizations within that vertical in a short timeframe. Their focus on exploiting human factors rather than technical vulnerabilities underscores the importance of comprehensive security awareness training for employees.
The sentencing of Urban serves as a stark reminder of the severe consequences awaiting those involved in cybercriminal activities. It also emphasizes the critical need for organizations to bolster their cybersecurity measures, particularly against social engineering attacks, to safeguard sensitive data and financial assets.
