Noah Urban, a 20-year-old alleged member of the notorious cybercrime group Scattered Spider. Has pleaded guilty to multiple federal charges in connection with a string of high-profile hacking attacks. As part of his plea deal, Urban — who operated under the aliases “King Bob,” “Sosa,” and “Elijah”. Has agreed to pay $13 million in restitution to nearly 60 victims.
Urban was arrested in January 2024 along with four other suspected Scattered Spider members. The group, known for recruiting tech-savvy teens and young adults, was behind a series of bold cyberattacks. Including the highly publicized breaches of MGM Resorts and Caesars Entertainment in September 2023.
According to court filings, Urban and his co-conspirators used phishing and social engineering tactics to impersonate employees or vendors at targeted companies. These methods allowed them to trick real employees into handing over login credentials. Once inside, they accessed sensitive internal systems, stole personal data, and drained victims’ cryptocurrency wallets, pocketing millions in digital assets.
Scattered Spider’s playbook often includes SMS phishing (smishing), voice phishing (vishing), and SIM swapping, alongside the purchase of stolen credentials. The group also exploits cloud-native tools to maintain persistent access to enterprise cloud environments. Making their campaigns particularly stealthy and difficult to trace.
Urban initially pleaded not guilty to the charges filed against him in both California and Florida, but later struck a plea deal. He ultimately admitted guilt to charges including aggravated identity theft, wire fraud, and conspiracy to commit wire fraud.
Under the terms of the plea agreement, Urban will be required to pay restitution totaling $13 million to 59 victims whose data, finances, and accounts were compromised as part of the group’s criminal activities.
Scattered Spider has quickly risen to prominence within the cybercriminal world. Both for its audacity and the sophisticated nature of its attacks. The group’s focus on high-value corporate targets and its willingness to operate in broad daylight have made it a growing concern for both private security firms and federal investigators.
The Urban case marks one of the most visible legal actions against the group so far. However, authorities suggest that many members remain at large, continuing to pose a serious threat to organizations across sectors.
