Scattered Spider Hacker Sentenced to 10 Years, Ordered to Repay $13M for SIM Swapping Crypto Theft

A 20-year-old member of the infamous cybercrime group Scattered Spider has received a ten-year prison sentence in the U.S. for his role in a series of high-profile hacks and cryptocurrency thefts. Noah Michael Urban, who pleaded guilty to wire fraud and aggravated identity theft in April 2025, will also face three years of supervised release and is required to pay $13 million in restitution to his victims. Urban, who used multiple aliases including Sosa and King Bob, was apprehended by U.S. authorities in Florida in January 2024, following crimes committed between August 2022 and March 2023 that resulted in the theft of over $800,000. In a statement to security journalist Brian Krebs, Urban decried the sentence as unjust.

Scattered Spider Hacker Sentenced to 10 Years and $13M Restitution for SIM Swapping Scheme

In a significant development within the realm of cybercrime, a 20-year-old associate of the infamous hacking collective known as Scattered Spider has been sentenced to ten years in federal prison for his involvement in a series of high-profile hacks aimed at cryptocurrency theft. Noah Michael Urban, who also operated under multiple aliases including Sosa and Gustavo Fring, pleaded guilty to charges of wire fraud and aggravated identity theft in April 2025.

The sentencing, reported by Bloomberg and local news outlet News4JAX, marks a crucial moment in combating financial crimes enabled by digital vulnerabilities. In addition to his decade-long prison term, Urban is subject to three years of supervised release and has been ordered to pay $13 million in restitution to the victims affected by his criminal activities.

Urban’s illicit actions spanned from August 2022 to March 2023, during which he orchestrated significant exploits, leading to the theft of at least $800,000 in cryptocurrency. Arrested by U.S. authorities in Florida in January 2024, Urban’s case illustrates the growing threat posed by cybercriminal groups that use sophisticated tactics to exploit both individuals and businesses.

In his statement, Urban referred to the sentence as unjust, a sentiment that highlights the complexities of criminal prosecution in the digital age. However, this sentiment does not diminish the seriousness of the offenses committed, which were facilitated through methods commonly associated with SIM swapping—a tactic that allows hackers to gain control of victims’ phone numbers and, ultimately, their online accounts.

The techniques employed in Urban’s attacks align with several tactics outlined in the MITRE ATT&CK framework. Initial access may have been achieved through social engineering or direct victim engagement, allowing the attackers to exploit trust and gain control over targeted systems. Persistence could have been established via secondary accounts or backdoors, while privilege escalation tactics may have enabled Urban to access sensitive information or execute unauthorized transactions.

This case serves as a stark reminder for business owners and cybersecurity professionals alike about the vulnerabilities associated with digital communications and the significant risks posed by criminal organizations like Scattered Spider. As cyber threats continue to evolve, the importance of implementing robust security measures, employee training, and ongoing vigilance cannot be overstated.

Ultimately, Urban’s sentencing underscores the pressing need for a concerted effort within the tech industry and beyond to fortify defenses against such evolving cyber threats. As authorities increase their focus on cybercrime, incidents like this signal a potential shift towards accountability and deterrence in the dark world of online criminal activity.

Source link

Related Posts

Title: The Rise of Weak Passwords and Account Breaches: Insights from the 2025 Blue Report

August 21, 2025
Password Security / Identity Protection

Security professionals often focus on countering advanced adversary techniques, yet many impactful attacks stem from compromised credentials. The latest Picus Security’s Blue Report 2025 reveals that organizations still struggle to prevent password cracking and detect the misuse of compromised accounts. As we reach the midpoint of 2025, it’s evident that compromised accounts remain a significant vulnerability, emphasizing the urgent need for a proactive stance against these threats.

A Wake-Up Call: The Alarming Increase in Successful Password Cracking

The Picus Blue Report offers an annual analysis of how effectively organizations are preventing and detecting genuine cyber threats, going beyond traditional measures to highlight critical areas for improvement.

Cybercriminals Utilize ClickFix Tactic and Fake CAPTCHA Pages to Distribute CORNFLAKE.V3 Backdoor

August 21, 2025
Malware / Cryptocurrency

Threat actors have been observed employing the ClickFix social engineering tactic to disseminate a versatile backdoor known as CORNFLAKE.V3. Google-owned Mandiant reported this activity, identified as UNC5518, as part of an access-as-a-service scheme that utilizes fake CAPTCHA pages to entice users into granting initial system access, which is subsequently monetized by other threat groups. “The initial infection method, referred to as ClickFix, involves tricking users on compromised websites into copying and executing a malicious PowerShell script through the Windows Run dialog,” Google detailed in a report released today. Access provided by UNC5518 is believed to be exploited by at least two distinct hacking groups, UNC5774 and UNC4108, to launch a multi-stage infection process and introduce additional payloads. UNC5774, another financially motivated group, employs CORNFLAKE to deploy various subsequent payloads. UNC4108, also a threat actor…

Remote Code Execution Risks Discovered in Commvault: Pre-Auth Exploit Chains Identified

August 21, 2025
Category: Vulnerability / Software Security

Commvault has issued updates to address four critical security vulnerabilities that could enable remote code execution on affected instances. The identified vulnerabilities arise in Commvault versions prior to 11.36.60, detailed as follows:

  • CVE-2025-57788 (CVSS score: 6.9): This vulnerability in a known login mechanism permits unauthenticated attackers to execute API calls without needing user credentials.

  • CVE-2025-57789 (CVSS score: 5.3): A flaw during the setup process allows remote attackers to exploit default credentials for administrative access before the first admin login.

  • CVE-2025-57790 (CVSS score: 8.7): A path traversal vulnerability enables remote attackers to gain unauthorized file system access, leading to potential remote code execution.

  • CVE-2025-57791 (CVSS score: 6.9): A vulnerability that allows attackers to inject or manipulate command-line arguments passed to internal components, resulting in further exploitation.

Former Developer Sentenced to Four Years for Sabotaging Ohio Employer with Kill-Switch Malware

A 55-year-old Chinese national has received a four-year prison sentence and three years of supervised release for deploying custom malware that targeted his former employer’s network. Davis Lu, 55, of Houston, Texas, was found guilty in March 2025 of intentionally damaging protected computers. He was arrested in April 2021 for misusing his position as a software developer to run malicious code on the company’s servers. While the company’s name was not disclosed, it has been identified as Eaton Corporation, a multinational power management firm based in Beachwood, Ohio. “The defendant violated his employer’s trust, using his technical expertise to disrupt network operations and causing significant financial losses to a U.S. company,” stated Acting Assistant Attorney General M…