Noah Michael Urban, the 20-year-old hacker from the notorious Scattered Spider group, was sentenced to 10 years in prison. Learn about his SIM swapping and phishing crimes that stole millions in cryptocurrency from companies and individuals.
A 20-year-old hacker, Noah Michael Urban, has been sentenced to 10 years in federal prison for his involvement in the notorious cybercrime group Scattered Spider (UNC3944). Urban, aka Sosa, Elijah, Gustavo Fring, and King Bob, pleaded guilty in April 2025 to wire fraud and aggravated identity theft charges in both Florida and California.
According to the DoJ’s press release, the court also ordered him to pay $13 million in restitution to his victims, which included people and companies. The judge, Harvey E. Schlesinger, gave a longer sentence than prosecutors had requested, and as per security journalist Brian Krebs’s report, Urban called it ‘unjust,” citing that the judge was personally targeted by another Scattered Spider member during his case.
“The judge purposefully ignored my age as a factor because of the fact that another Scattered Spider member hacked him personally during the course of my case,” Urban argued.
A History of Deceptive Attacks
Urban’s criminal activities, which took place from August 2022 to March 2023, involved a series of clever attacks. He and his co-conspirators used SIM swapping to steal at least $800,000 in cryptocurrency from five different people. In a SIM swap, hackers trick phone companies into moving a victim’s phone number to a new device they control, to intercept security codes and gain access to online accounts.
The group also launched large-scale social engineering attacks against more than 130 companies, including Twilio, LastPass, DoorDash, and MailChimp. The hackers sent fake text messages (SMS phishing) to employees, designed as if they were from their company’s IT department. The messages tricked them into entering their login details on fake websites, allowing the criminals to steal sensitive company data and cryptocurrency.
This approach was used in the Clorox breach in August 2023, where hackers, according to a lawsuit reported by Hackread.com, simply called the company’s IT partner, Cognizant, and tricked an employee into resetting a password. This single act allegedly led to a devastating ransomware attack that cost Clorox $380 million.
The Network
Urban’s aliases were well-known in an online cybercrime community called “The Com.” His activities were also tied to a SIM-swapping group called Star Fraud, which was reportedly involved in major extortion attacks against Caesars Entertainment and MGM Resorts. This shows how different hacking groups often work together to become more powerful.
Scattered Spider- A Serious Threat
The Scattered Spider group continues to evolve. Hackread.com has been reporting the group’s aggressive targeting of major high-profile companies in retail, airlines, and insurance, including UK giants M&S, Harrods, and Co-op.
These new attacks are particularly dangerous because they go after VMware vSphere environments, which are used to manage many computer systems at once.
This means, despite the arrests of some key members, including Tyler Robert Buchanan, who was extradited from Spain, the group remains a global threat and is always changing its methods.
