US judge sentences Scattered Spider member sentenced to 10 years in prison

News
By published

Noah Michael Urban pleads guilty to wire fraud, aggravated identity theft, and more

Cyber crime concept with man in handcuffs
(Image credit: Getty Images)
  • Noah Urban was arrested in January 2024, and pleaded guilty in April 2025
  • He is believed to be a key member of Scattered Spider
  • Urban was sentenced to 120 months in prison

For the first time, a member of the notorious Scattered Spider cybercrime gang was sentenced to prison for wire fraud, aggravated identity theft, and more.

Noah Michael Urban will be spending the next 10 years behind bars, the US Department of Justice (DoJ) has said.

Urban, known in the cybercriminal underworld as King Bob, Sosa, Elijah, or Gustavo Fring, will also have to forfeit roughly $4.8 million in assets such as cryptocurrency and other property, and pay $13 million in restitution to victims.

More Scattered Spider attacks

Urban was arrested in January 2024, and pleaded guilty on April 4, 2025. As per court documents, between August 2022 and March 2023 he stole cryptocurrency from at least 59 victims across the States employing, among other things, SIM-swap attacks to obtain personal information. He then used that information to access his victims’ wallets and transfer out the funds.

Urban is believed to be a “key figure” in the infamous Scattered Spider organization, CyberInsider reports.

His sentencing, the publication argues, is just one of many moves law enforcement has made against the group in recent times, including charging four other members for similar crimes: Ahmed Hossam Eldin Elbadawy (TX), Evans Onyeaka Osiebo (TX), Joel Martin Evans (NC), and Tyler Robert Buchanan (UK).

Unlike most hacking collectives, which are tightly knit and well-organized, Scattered Spider is a rather “loose” organization, researchers are saying. Still, the group managed to even draw the attention of the FBI, after wreaking havoc among different industries, from retail, to airline, to critical infrastructure.

Less than a month ago (while the five suspects were already in custody), the FBI issued a warning that Scattered Spider was only getting warmed up with its cyberattacks, urging businesses to be on their guard.

Together with the US Cybersecurity and Infrastructure Security Agency (CISA), and a handful of other security agencies in Canada, the UK, and Australia, the FBI warned Scattered Spider evolved to use more advanced social engineering - mostly impersonating employees to trick IT help desks into resetting passwords and transferring MFA tokens to attacker-controlled devices.

The hackers have also added new malware such as RattyRAT for stealthy access and DragonForce ransomware to encrypt systems and demand payment - especially targeting VMware ESXi servers.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.