Young Hacker from Scattered Spider Pleads Guilty, Faces Prison and $13.2 Million in Restitution

Noah Urban, a 20-year-old member of the notorious hacker group Scattered Spider, has pleaded guilty to multiple cybercrimes. The young hacker now faces decades in prison and must pay $13.2 million in restitution to 59 victims affected by the group’s criminal activities.

From “Not Guilty” to Admission of Crimes

Urban, who operated online using multiple aliases including Sosa, Elijah, Gustavo Fring, and King Bob, was arrested in January 2024. The U.S. authorities announced charges against him in November 2024, simultaneously identifying four other alleged members of the Scattered Spider group.

Initially, Urban maintained his innocence by pleading not guilty. However, court documents reveal that last week he reversed course and admitted guilt to various charges filed against him in both California and Florida. According to local news source News4Jax, his plea agreement includes paying more than $13 million to 59 victims.

Charges and Potential Sentencing

Urban’s guilty plea covers serious federal crimes:

• Two counts of electronic fraud in Florida
• One count of aggravated identity theft
• One count of electronic fraud in California

The consequences are severe: each electronic fraud charge carries a maximum prison term of 20 years, while the aggravated identity theft charge adds a mandatory minimum of two additional years. Beyond prison time, Urban will face fines of at least $1 million.

Victims and Criminal Proceeds

Between August 2022 and March 2023, Urban and two other Scattered Spider members targeted both organizations and individuals, stealing approximately $3.5 million.

When law enforcement searched Urban’s residence in 2023, they discovered:

• Cryptocurrency worth over $3 million (at current rates)
• $27,702 in cash
• Jewelry and six luxury watches

Digital Evidence Trail

The search of Urban’s computer yielded substantial evidence:

• Programs designed to destroy files
• Victim passwords
• Credentials for various cryptocurrency wallets used in thefts

Investigators found transaction histories linking Urban to numerous crimes. In a surprising oversight for someone in his line of work, Urban failed to clear his browser history, which contained exact dates and times when he accessed victims’ email accounts.

Understanding Scattered Spider

The hacker group operates under multiple names, including:

• Starfraud
• Octo Tempest
• Muddled Libra
• 0ktapus (named by Group-IB)
• UNC3944 (identified by Mandiant)
• Scatter Swine (labeled by Okta)

Active since approximately 2022, this financially motivated group primarily targets organizations in:

• Customer relationship management (CRM)
• Business process outsourcing
• Telecommunications
• Technology sectors

Sophisticated Attack Methods

Scattered Spider is known for complex social engineering schemes, frequently involving SIM swapping attacks. The group has been linked to high-profile ransomware deployments using BlackCat (ALPHV), Qilin, and RansomHub against major targets, including MGM Resorts and Caesars Entertainment Casino.

In fall 2023, Mandiant warned that Scattered Spider had compromised at least 100 organizations, predominantly in the United States and Canada. Security specialists concluded that the core members of Scattered Spider were English-speaking individuals aged 16 to 22 years.