20-Year-Old Scattered Spider Hacker Pleads Guilty in Major Ransomware Case

A 20-year-old Noah Urban, a resident of Palm Coast, Florida, pleaded guilty to a series of federal charges in a Jacksonville courtroom.

Urban, linked to the infamous Scattered Spider hacking group, admitted to charges of conspiracy, wire fraud, and aggravated identity theft in Florida, as well as conspiracy to commit wire fraud in a separate California case.

The charges stem from Urban’s alleged involvement in complex crimes spanning cryptocurrency theft, phishing schemes, and ransomware attacks.

Prosecutors say he stole over $800,000 in cryptocurrency from five victims between August 2022 and March 2023 using a tactic known as “SIM swapping.”

By fraudulently porting victims’ phone numbers to devices he controlled, Urban and his co-conspirators gained access to cryptocurrency accounts through password resets and text message verification.

Massive Financial Losses and Restitution Agreement

The scope of Urban’s crimes is staggering, with losses totaling over $13 million across 59 victims, according to court documents.

As part of his plea deal, Urban agreed to make restitution to all victims, including some who were not directly tied to the offenses he pleaded guilty to.

This broad restitution arrangement signals the devastating financial impact of Urban’s actions on individuals and companies alike.

Urban’s assets tied to his criminal activities will also be forfeited, including significant cryptocurrency holdings such as Dai, Ethereum, Monero, Bitcoin, and Ripple, as well as $27,702 in cash seized from his residence.

According to the News4Jax report, his confiscated Ethereum holdings alone are currently valued at approximately $1.3 million. In addition, the plea agreement lists jewelry and six watches as part of the forfeited property.

Member of Scattered Spider Hacking Group

Federal officials identified Urban as a key member of Scattered Spider, a cybercriminal gang known for targeting large corporations and IT help desks.

The group employs tactics such as phishing text messages, impersonating IT staff, and leveraging stolen credentials to access systems, deploy ransomware, and steal sensitive data.

Urban’s aliases, “King Bob” and “Gustavo Fring,” reflect the group’s penchant for pop culture references as part of its online persona.

Authorities allege that between September 2021 and April 2023, Scattered Spider orchestrated phishing attacks designed to steal employee login credentials and access confidential corporate data.

Some phishing messages falsely warned employees that their accounts would soon be deactivated, redirecting them to fake websites resembling legitimate login portals.

The stolen information was used to access cryptocurrency accounts and siphon millions in virtual currency.

Urban admitted to investigators in May 2023 that he had personally profited several million dollars through cryptocurrency theft but lost most of the funds on online gambling sites.

When his computer was seized, it held approximately $2.89 million in cryptocurrency, later valued at $3.67 million in October 2024 due to fluctuating market prices.

While Urban awaits sentencing, expected in approximately 75 days, a pre-sentencing report will determine the appropriate federal sentencing range.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!