20-year-old Noah Michael Urban, one of the notorious group Scattered Spider’s top members, was sentenced to a decade in prison. He masterminded a string of high-profile hacks and crypto heists. In April 2025, Urban admitted to wire fraud and aggravated identity theft charges. The U.S. Department of Justice’s answer was to impose the sentence. His crimes defrauded dozens of victims of at least $800,000 over a four-month period. This was both an embarrassing embarrassment and a tremendous success for the bug bountying cybercriminal collective.
In January 2024 Urban was found in custody in Florida under arrest. He was charged with wire fraud and aggravated identity theft, felonies he allegedly carried out between August 2022 and March 2023. Besides the inevitable prison term, he will be under supervised release for an additional three years. Unsurprisingly, he’s been ordered to pay an equally jaw-dropping $13 million in restitution to his scam victims.
Scattered Spider and Its Criminal Activities
Scattered Spider is linked to a larger, English-speaking cybercriminal collective called The Com. This cybercrime syndicate has achieved international fame for a series of high-profile operations marked by advanced social engineering methods, credential harvesting, and SIM swapper attacks. Scattered Spider has proven to be an artful and effective intruder into corporate networks. They’ve hijacked proprietary data and funneled millions of dollars in cryptocurrency through these maneuvers.
The crew is the best, top tactical wave style gang. They focus on one or two sectors and then release targeted attacks on many organizations within that vertical in a short timeframe. Through these tactics, you see how they take advantage of your security program’s weaknesses. They look at people, not just technical vulnerabilities.
“The tactics employed by Scattered Spider demonstrate their ability to exploit weaknesses in security programs by targeting people rather than strictly systems or technical vulnerabilities.” – Flashpoint
Recent Developments within Scattered Spider
Urban was ultimately sentenced and another Scattered Spider member, Tyler Robert Buchanan, was extradited from Spain to the U.S. in April 2025. Six months earlier, in June 2023, he had been arrested. To date, this has been a tremendous success story of law enforcement working together to shut down the operations of this cybercrime gang.
The Department of Justice responded in November 2024 by unsealing criminal charges against Urban. They arrested four additional members of Scattered Spider. These charges represent an extraordinary and unprecedented crackdown on the group. They’ve joined other breach-based threat groups including ShinyHunters and LAPSUS$ to form a new cybercrime supergroup. Depending on the various actors in this collaboration, it might greatly improve their technical capacities and broaden their reach in the underground cybercriminal landscape.
“Scattered Spider has historically leaned on tactics that generate urgency, drive media and industry attention, create fear of exposure, and help force victims to payout quicker.” – Adam Darrah, vice president of intelligence at ZeroFox
Implications for Cybersecurity
The technical details behind Scattered Spider’s activities serve as a stark reminder of the current threats organizations of all types and industries continue to face. Their attacks increasingly use social engineering methods, manipulating unsuspecting employees to provide access to lucrative corporate networks. As long as the threat landscape is always changing and becoming more sophisticated, strong cybersecurity practices will be even more important for organizations adopting these tools.