A 20-year-old member of the cybercrime gang Scattered Spider has been sentenced to 10 years in U.S. federal prison for his involvement in a series of major hacking campaigns and cryptocurrency theft operations.
Sentencing Details
Noah Michael Urban pleaded guilty in April 2025 to charges of wire fraud and aggravated identity theft, according to reports from Bloomberg and News4JAX. Alongside a 120-month prison sentence, Urban will also serve three years of supervised release and must pay $13 million in restitution to victims.
In a statement shared with cybersecurity journalist Brian Krebs, Urban called the judgment “unjust.”
Background and Criminal Activities
Urban, also known by aliases such as Sosa, Elijah, King Bob, Gustavo Fring, and Anthony Ramirez, was arrested in Florida in January 2024. Between August 2022 and March 2023, he and his accomplices carried out multiple attacks that led to the theft of at least $800,000 from five victims, according to the U.S. Department of Justice (DoJ).
The group primarily used SIM swapping techniques to hijack cryptocurrency accounts and steal digital assets.
Later in November 2024, the DoJ unsealed additional charges against Urban and four other members of Scattered Spider. These charges highlighted their use of social engineering to infiltrate U.S. companies, breach corporate networks, steal sensitive data, and siphon millions in cryptocurrency.
Another indicted member, Tyler Robert Buchanan, was extradited from Spain to the U.S. in April 2025 following his arrest in Europe.
Expansion of Scattered Spider’s Operations
The sentencing comes as Scattered Spider has joined forces with ShinyHunters and LAPSUS$, forming a new cybercrime alliance. This coalition, linked to a larger English-speaking collective called The Com, is known for:
- Social engineering attacks
- SIM swapping
- Credential theft
- Initial access operations
- Ransomware deployment
- Data theft and extortion
Expert Insights
Adam Darrah, Vice President of Intelligence at ZeroFox, told The Hacker News that Scattered Spider has consistently used tactics designed to create fear and urgency. These include timed data leaks, countdown threats, and public taunts targeting victims and security companies.
He added that their alliance with other groups provides more tools, data, and infrastructure, making them even more dangerous. “When law enforcement pressure rises, groups consolidate. The result is a stronger and more adaptable operation,” Darrah explained.
Cybersecurity firm Flashpoint also profiled the gang, noting that the group targets entire sectors in waves, exploiting human weaknesses rather than just technical flaws. Their methods—such as vishing, smishing, and MFA fatigue attacks—highlight that even advanced security defenses can be bypassed through human deception.
