A 20-year-old man believed to be a member of the cybercrime ring known as Scattered Spider has pleaded guilty to charges brought against him in Florida and California.
Noah Urban of Palm Coast, Florida, was arrested in January 2024 and charges against him were unsealed by US authorities in November 2024, when four others believed to be members of Scattered Spider were named.
Scattered Spider, aka Starfraud, UNC3944, Scatter Swine, and Muddled Libra, made headlines in recent years over ransomware attacks aimed at high-profile companies, including hospitality and entertainment giant MGM Resorts.
The group is also believed to be behind the 0ktapus campaign, which targeted many organizations as part of an SMS-based phishing campaign.
Urban, known online as ‘Sosa’ and ‘Elijah’, has been charged alongside several others who are in their early and mid-twenties for conducting phishing attacks that led to the theft of millions of dollars worth of cryptocurrency.
These attacks often involve SIM swapping, which enables threat actors to bypass phone-based security mechanisms and hijack a targeted user’s online accounts by tricking mobile service providers into transferring the victim’s phone number to a SIM card they control.
Urban initially pleaded not guilty, but court documents show that last week he entered a plea deal over charges brought against him in both California and Florida. He has pleaded guilty to conspiracy to commit wire fraud, wire fraud, and aggravated identity theft.
Florida news outlet News4Jax reported that Urban has also agreed to pay a total of $13 million to 59 victims as part of his plea agreement.
Urban is also believed to be behind the online moniker ‘King Bob’, known for leaking unreleased music. An investigation conducted by cybersecurity journalist Brian Krebs found that he may have obtained the music that he leaked after targeting members of the music industry in SIM swapping attacks.
Scattered Spider is believed to have members in the US and other Western countries, as well as in Eastern Europe. Several of those in the West, including in the UK, appear to have done a poor job at covering their tracks.
Related: Russian Espionage Group Using Ransomware in Attacks
Related: Hellcat Hackers Unmasked
