Scattered Spider Hacker 'SNA' Jailed for a Decade After Ruthless SIM Swapping & Cyber Extortion Spree

A significant blow has been dealt to the notorious Scattered Spider hacking collective as one of its key members, 21-year-old Noah Michael Urban – known online as 'SNA' – was handed a substantial 10-year prison sentence in a Florida court. This landmark ruling marks a stern warning to cybercriminals engaging in sophisticated digital heists and extortion.

Urban's conviction stems from his pivotal role in a multi-faceted cybercrime spree that terrorized numerous high-profile companies, including tech titans like T-Mobile, PayPal, Cloudflare, Coinbase, Mailchimp, Riot Games, Twilio, Rockstar Games, Uber, and DoorDash.

The charges against him included conspiracy to commit wire fraud, money laundering, and aggravated identity theft, paint a vivid picture of the group's expansive and destructive capabilities.

The Scattered Spider group, also tracked by various aliases such as UNC3944, Roasted Ocelot, Octo Tempest, Muddled Libra, 0ktapus, and Storm-1359, gained infamy for their audacious tactics.

Their modus operandi frequently involved sophisticated SIM swapping attacks, where they would gain control of victims' phone numbers by tricking mobile carriers. This access allowed them to bypass multi-factor authentication (MFA) systems, granting them unauthorized entry into corporate networks.

Once inside, Urban and his co-conspirators would unleash a torrent of malicious activities.

This included the rampant theft of sensitive data, which they then leveraged for extortion, threatening to leak proprietary information unless their demands were met. In some instances, they even attempted to deploy ransomware, though these efforts were largely thwarted.

Federal prosecutors highlighted Urban's deep involvement, revealing that he had been an active participant in SIM-swapping schemes since at least 2019.

His arrest in October 2022 was the culmination of an extensive investigation into the group's financially motivated English-speaking operations, which consistently targeted employees through social engineering to gain initial network footholds.

During the sentencing, the judge underscored the "remarkable depravity" of Urban's actions, emphasizing the profound financial and reputational damage inflicted upon the victim companies.

This verdict sends a clear message that the long arm of the law is extending its reach further into the digital underworld, holding individuals accountable for their contributions to large-scale cybercriminal enterprises.

While Urban's sentencing is a significant victory for law enforcement, the Scattered Spider group remains an active threat.

Cybersecurity experts continue to warn organizations to bolster their defenses against advanced social engineering tactics, robustly implement multi-factor authentication, and enhance employee training to counter the persistent threat posed by such highly organized and adaptable cyber adversaries.