Full Report
In April, Noah Michael Urban pleaded guilty in a Florida courtroom to charges he had faced in two separate federal cases. Yesterday, he was sentenced in a Florida courtroom to ten years in prison and $13 million in restitution. In the Florida case, Urban, known online as “King Bob,” “Sosa,” “Elijah,” “Anthony Ramirez” and “Gustavo... Source
Analysis Summary
# Threat Actor: Noah Urban (aka "King Bob")
## Attribution & Identity
**Identified Actor:** Noah Michael Urban
**Known Aliases:** King Bob, Sosa, Elijah, Anthony Ramirez, Gustavo Fring
**Associated Groups:** Believed to be a member of Scattered Spider (also referred to as "The Com").
## Activity Summary
The provided article primarily discusses the sentencing of Noah Urban for criminal activities, focusing on his guilty pleas in two federal cases.
1. **Florida Case:** Pleaded guilty to conspiracy to commit wire fraud, wire fraud, and aggravated identity theft. Accused of stealing at least $800,000 in cryptocurrency from five victims between August 2022 and March 2023.
2. **California Case:** Pleaded guilty to one count of conspiracy to commit wire fraud.
He was also alleged to be a notorious music leaker, though no specific charges related to music leaks were filed.
## Tactics, Techniques & Procedures
- **SIM Swapping:** Used as the primary method to steal cryptocurrency from victims.
- **Wire Fraud:** Central charge leading to his conviction.
- **Aggravated Identity Theft:** Charged in connection with the fraud scheme.
- *(Note: Specific MITRE ATT&CK IDs are not available in this summary as the article focuses on judicial outcomes rather than technical deep dives.)*
## Targeting
- **Sectors:** Financial/Cryptocurrency owners.
- **Geography:** The cases involved federal courts in Florida and California, suggesting operations impacting victims across jurisdictions, though the victims' locations are not specified beyond stolen cryptocurrency.
- **Victims:** Five different cryptocurrency victims mentioned in the Florida case. Other individuals indicted alongside Urban are noted (Ahmed Hossam Eldin Elbadawy, Evans Onyeaka Osiebo, Joel Martin Evans), suggesting a broader network involved in similar activities.
## Tools & Infrastructure
- **Malware families used:** Not specified in the context of crypto theft, although the focus is on initial access/account takeover (SIM swapping).
- **Infrastructure (C2, domains, IPs):** Not detailed in the article. The individual mentioned posting from "county jail" on X.com, indicating use of unauthorized or limited communication methods post-arrest.
## Implications
The sentencing of a high-profile member like Noah Urban (King Bob) to 10 years and $13 million restitution highlights law enforcement's focus on dismantling cybercrime organizations like Scattered Spider, specifically targeting the criminally successful monetization phase involving cryptocurrency theft. However, the actor's public denial of remorse and alleged personal grievance against the presiding judge suggest that such high-profile convictions might not immediately deter other young members of these groups.
## Mitigations
- **Stronger Account Security:** Victims should implement multi-factor authentication (MFA) that is resistant to SIM swapping (e.g., hardware tokens or FIDO2 standards) for high-value accounts, especially cryptocurrency wallets.
- **Network Monitoring:** Organizations/individuals dealing with high-value assets should monitor for suspicious account takeover attempts and unusual activity following social engineering or credential compromise.