Noah Michael Urban, a 20-year-old member of the notorious cybercrime group Scattered Spider, has been sentenced to 10 years in a U.S. federal prison for his involvement in multiple large-scale hacks and cryptocurrency thefts. Urban, who used several aliases including “Sosa” and “Gustavo Fring,” pleaded guilty to wire fraud and aggravated identity theft charges in April 2025. This sentencing follows his arrest in January 2024 in Florida, which was a result of an investigation into his activities between August 2022 and March 2023. According to the U.S. Department of Justice (DoJ), these attacks resulted in the theft of at least $800,000 from a minimum of five different victims.
Urban’s criminal activities involved using sophisticated social engineering techniques to deceive and manipulate individuals. Prosecutors stated that he and his co-conspirators primarily used SIM swapping attacks. This tactic involves tricking a mobile carrier into transferring a victim’s phone number to a new SIM card controlled by the attacker. Once they gained control of the phone number, they could bypass multi-factor authentication and hijack victims’ cryptocurrency accounts, subsequently stealing their digital assets. These methods allowed the group to circumvent even the most advanced technical defenses by exploiting human vulnerabilities.
The sentencing of Urban is part of a broader crackdown on Scattered Spider. In November 2024, the DoJ unsealed criminal charges against Urban and four other members of the group. The charges stemmed from their use of social engineering to target employees of various companies across the United States, breaking into corporate networks to steal proprietary data and siphon millions of dollars in cryptocurrency. One of Urban’s co-defendants, Tyler Robert Buchanan, was extradited from Spain to the U.S. in April 2024, highlighting the international scope of the investigation and the cooperation of law enforcement agencies to apprehend these criminals.
Experts in the cybersecurity field, like Adam Darrah from ZeroFox, note that Scattered Spider’s tactics are designed to create urgency and fear, forcing victims to pay out quickly. Their “playbook” includes timed leaks, countdown threats, and taunts directed at security firms. The group, also associated with the English-speaking collective “The Com,” has a history of engaging in a wide range of cybercrimes, including credential theft, social engineering, ransomware deployment, and data extortion. The pressure from law enforcement has led Scattered Spider to form alliances with other threat groups, such as ShinyHunters and LAPSUS$, to consolidate resources and survive. The result is a more versatile and potentially more dangerous combined operation.
According to a profile from cybersecurity firm Flashpoint, Scattered Spider operates by adopting a “wave-like approach,” focusing on a specific business sector and then attacking as many organizations within that vertical as possible in a short period. This method, along with their reliance on techniques like vishing, smishing, and MFA fatigue attacks, demonstrates their ability to exploit human weaknesses rather than just technical flaws. The successful prosecution and sentencing of Urban send a strong message that these cybercriminals, despite their youth and technical prowess, are not immune to justice and will face severe consequences for their actions.