Noah Michael City, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in jail on Wednesday after pleading responsible to prices of wire fraud and conspiracy in April.
He was arrested in January 2024, and in November, the U.S. Justice Division charged City (often known as King Bob, Gustavo Fring, Elijah, and Sosa), together with 4 different suspects linked to the identical financially motivated cybercrime group. The costs included wire fraud, conspiracy to commit wire fraud, and aggravated id theft.
Based on courtroom paperwork, they had been capable of steal thousands and thousands from cryptocurrency wallets between September 2021 and April 2023, utilizing credentials stolen in SMS phishing assaults focusing on dozens of people and corporations.
Additionally they used credentials stolen from hacked firms’ workers to loot confidential knowledge, together with databases, private figuring out data, in addition to “confidential work product, mental property” from their methods.
All this stolen data was later used to hijack victims’ electronic mail accounts in SIM swap assaults, permitting them to realize management of their telephone numbers and cryptocurrency wallets to switch thousands and thousands to wallets below their management.
In a Could 2023 interview with investigators, City acknowledged that he had made “a number of million {dollars}” from cryptocurrency theft between January 2021 and March 2023, along with being concerned within the theft of a number of million extra, including he nonetheless had just a few million left after dropping most of his earnings on playing websites.
As News4Jax first reported, City obtained a 120-month jail sentence, regardless of prosecutors having solely requested eight years, and also will be required to pay $13 million in restitution to the victims.
When investigative journalist Brian Krebs contacted City on Twitter after the sentencing, City responded from a county jail in Florida, stating that he believed the sentence was unjust. He argued that the choose had not thought of his age as a mitigating issue as a result of one other Scattered Spider member had hacked the choose through the case.
The Scattered Spider cybercrime collective
Scattered Spider (additionally tracked as 0ktapus, Scatter Swine, UNC3944, and Muddled Libra, amongst others) is a fluid collective of menace actors identified for classy social engineering assaults focusing on high-profile organizations worldwide and for utilizing a variety of ways, together with phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
Their assaults escalated in September 2023, after they breached MGM Resorts and encrypted greater than 100 VMware ESXi hypervisors utilizing BlackCat ransomware after gaining entry by impersonating an worker.
In some circumstances, Scattered Spider members have additionally partnered with ransomware operations, comparable to Qilin, RansomHub, and DragonForce.
Excessive-profile organizations focused by Scattered Spider lately embrace Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Video games, and Reddit. Extra just lately, the menace actors have shifted their focus from focusing on retail and insurance coverage firms to the aviation and transportation industries.
U.Ok. police arrested one other member of Scattered Spider in July 2024, a 17-year-old suspect believed to have been concerned within the 2023 MGM Resorts ransomware assault. In December 2024, U.S. authorities arrested one other teenager (a 19-year-old identified on-line as “remi” additionally linked to Scattered Spider), charging him with breaching a U.S. monetary establishment and two unnamed telecommunications corporations.
46% of environments had passwords cracked, almost doubling from 25% final 12 months.
Get the Picus Blue Report 2025 now for a complete take a look at extra findings on prevention, detection, and knowledge exfiltration developments.
