A Scattered Spider affiliate has been sentenced to ten years in prison and ordered to pay $13M (≈ €12.2M) in restitution for massive cryptocurrency theft and sensitive data breaches.
A U.S. federal court sentenced 20-year-old Noah Michael Urban to ten years in prison and three years of supervised release. A member of the cybercrime group Scattered Spider, he pled guilty to cryptocurrency theft and corporate system breaches through targeted phishing campaigns. Authorities say he caused losses estimated between $9.5M and $25M (≈ €8.9M–€23.5M), and must repay $13M (≈ €12.2M) to more than thirty victims. The case highlights the rise of Scattered Spider, already behind high-profile attacks against MGM and other strategic sectors, and underscores the evolution of organized, international cybercrime.
A harsher sentence than expected
On Wednesday, the federal judge imposed a sentence exceeding prosecutors’ recommendations. They had requested eight years in prison. Noah Michael Urban ultimately received ten years plus three years of supervised release. He must also pay $13M (≈ €12.2M) in restitution to more than thirty victims. The decision came less than a year after his March 2023 arrest.
A search of his home uncovered nearly $2.89M (≈ €2.71M) in cryptocurrency stored on his desktop computer. Urban admitted that all funds came from criminal activities with Scattered Spider. His plea agreement details active participation in phishing attacks designed to trick employees of major companies and bypass authentication safeguards.
Scattered Spider’s operating methods
Between August 2022 and March 2023, Urban and accomplices launched multiple malicious SMS campaigns. The stolen credentials granted access to internal accounts, enabling theft of cryptocurrency and confidential documents. Prosecutors estimate at least 16 victims were affected, with losses ranging from $9.5M to $25M (≈ €8.9M–€23.5M).
Scattered Spider is known for sophisticated social engineering. The group exploits “SIM swapping,” a technique that fraudulently transfers phone numbers to bypass two-factor authentication. This approach allowed them to infiltrate major corporate networks and steal large volumes of digital assets.
A Florida federal court handled three charges, with a fourth transferred from California. All relate to computer fraud and cryptocurrency theft.
Scattered Spider does not act alone. According to the FBI, it is part of a wider network known as “the Community,” composed of young, English-speaking cybercriminals. Several members have already been arrested abroad, including in the UK and Spain. In June 2024, a British national linked to the group was arrested in Palma de Mallorca, awaiting extradition to the United States.
The group gained notoriety after the 2023 MGM Casino attack. While that operation briefly paused their activity, it did not halt their expansion.
The 2025 offensive against critical sectors
Between March and July 2025, Scattered Spider coordinated a campaign targeting multiple strategic sectors. The offensive took the form of simultaneous attacks designed to overwhelm victims’ response capacity and create cascading effects across infrastructures.
Airlines were the first to be hit. Investigators say several major carriers suffered breaches that temporarily crippled reservation and flight planning systems. The disruptions caused mass delays, cancellations, and significant revenue losses while exposing passenger data. The goal appeared not only financial but also logistical disruption on a large scale.
The insurance sector was next. Groups affiliated with Scattered Spider allegedly breached internal systems of some of the country’s largest insurers. Attackers sought access to medical and financial databases, increasing risks of secondary fraud, digital extortion, and darknet resale of sensitive information. This shift signals a broader interest: no longer limited to cryptocurrency theft, the group is now exploiting large-scale data assets.
Finally, major retailers reported attacks against payment systems and e-commerce platforms. Several chains experienced service outages lasting days. Authorities note these attacks combined social engineering, employee account compromise, and internal network exploitation. They demonstrate the group’s growing maturity, capable of orchestrating multi-sector operations comparable to those of state-backed cyber units.
These 2025 assaults show that despite being young and decentralized, Scattered Spider uses methods typical of seasoned criminal organizations. Its ability to hit sectors as diverse as aviation, insurance, and retail reveals a clear strategy: disrupt essential industries for profit while exposing corporate defense gaps. [ZATAZ News English version]
