Noah Michael City, a key member of the Scattered Spider cybercrime collective, was sentenced to 10 years in jail on Wednesday after pleading responsible to expenses of wire fraud and conspiracy in April.
He was arrested in January 2024, and in November, the U.S. Justice Division charged City (often known as King Bob, Gustavo Fring, Elijah, and Sosa), together with 4 different suspects linked to the identical financially motivated cybercrime group. The fees included wire fraud, conspiracy to commit wire fraud, and aggravated identification theft.
Based on court docket paperwork, they had been capable of steal hundreds of thousands from cryptocurrency wallets between September 2021 and April 2023, utilizing credentials stolen in SMS phishing assaults concentrating on dozens of people and corporations.
In addition they used credentials stolen from hacked firms’ workers to loot confidential information, together with databases, private figuring out data, in addition to “confidential work product, mental property” from their programs.
All this stolen data was later used to hijack victims’ electronic mail accounts in SIM swap assaults, permitting them to realize management of their telephone numbers and cryptocurrency wallets to switch hundreds of thousands to wallets beneath their management.
In a Could 2023 interview with investigators, City said that he had made “a number of million {dollars}” from cryptocurrency theft between January 2021 and March 2023, along with being concerned within the theft of a number of million extra, including he nonetheless had a number of million left after dropping most of his earnings on playing websites.
As News4Jax first reported, City acquired a 120-month jail sentence, regardless of prosecutors having solely requested eight years, and also will be required to pay $13 million in restitution to the victims.
When investigative journalist Brian Krebs contacted City on Twitter after the sentencing, City responded from a county jail in Florida, stating that he believed the sentence was unjust. He argued that the decide had not thought-about his age as a mitigating issue as a result of one other Scattered Spider member had hacked the decide throughout the case.
The Scattered Spider cybercrime collective
Scattered Spider (additionally tracked as 0ktapus, Scatter Swine, UNC3944, and Muddled Libra, amongst others) is a fluid collective of risk actors recognized for classy social engineering assaults concentrating on high-profile organizations worldwide and for utilizing a variety of ways, together with phishing, SIM swapping, and multi-factor authentication (MFA) bombing.
Their assaults escalated in September 2023, after they breached MGM Resorts and encrypted greater than 100 VMware ESXi hypervisors utilizing BlackCat ransomware after gaining entry by impersonating an worker.
In some circumstances, Scattered Spider members have additionally partnered with ransomware operations, resembling Qilin, RansomHub, and DragonForce.
Excessive-profile organizations focused by Scattered Spider in recent times embody Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Video games, and Reddit. Extra just lately, the risk actors have shifted their focus from concentrating on retail and insurance coverage firms to the aviation and transportation industries.
U.Ok. police arrested one other member of Scattered Spider in July 2024, a 17-year-old suspect believed to have been concerned within the 2023 MGM Resorts ransomware assault. In December 2024, U.S. authorities arrested one other teenager (a 19-year-old recognized on-line as “remi” additionally linked to Scattered Spider), charging him with breaching a U.S. monetary establishment and two unnamed telecommunications corporations.
46% of environments had passwords cracked, almost doubling from 25% final yr.
Get the Picus Blue Report 2025 now for a complete have a look at extra findings on prevention, detection, and information exfiltration traits.
