Scattered Spider Member Sentenced to 10 Years for Multi-Million Dollar Crypto Theft
August 21, 2025
Read also: Crypto influencer goes to prison for a $3.5M cryptojacking scheme, the US seizes $2.8M from a Zeppelin ransomware operator, and more.

Scattered Spider member sentenced to 10 years for multi-million dollar crypto theft
Noah Michael Urban, a key member of the notorious Scattered Spider cybercrime group, was sentenced to 10 years in US prison following his guilty plea in April to charges of wire fraud and conspiracy.
Urban, known online as ‘King Bob,’ ‘Gustavo Fring,’ ‘Elijah,’ and ‘Sosa,’ was arrested in January 2024. He was later charged by the US Justice Department alongside four other members of the group, which has been linked to a string of financially motivated cyber-attacks targeting individuals and major corporations. The attacks typically involved SMS phishing campaigns designed to steal credentials and SIM swapping techniques. The stolen credentials allowed perpetrators to access cryptocurrency wallets and pilfer sensitive corporate and personal data.
In September 2023, Scattered Spider targeted hospitality and entertainment company MGM Resorts, using the BlackCat ransomware to encrypt over 100 servers. They’ve also worked with other ransomware gangs like Qilin, RansomHub, and DragonForce. Other targets include multiple major firms, such as Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit. Lately, they’ve shifted focus to aviation and transportation companies.
In July 2025, the UK authorities arrested four people linked to Scattered Spider.
It is estimated that the group stole millions in digital assets, with Urban admitting to personally stealing several million dollars in crypto. He has also confirmed his involvement in additional thefts and confessed to losing large sums of illicit money through online gambling.
Initially, prosecutors requested an eight-year sentence; however, the court handed down a 120-month (10-year) term. Urban was also ordered to pay $13 million in restitution to the victims.
Crypto influencer sentenced to prison for $3.5M cryptojacking scheme
Charles O. Parks III, a self-proclaimed crypto influencer known online as “CP3O,” was sentenced to one year and one day in US prison for orchestrating a large-scale cryptojacking scheme that defrauded cloud computing companies out of more than $3.5 million in resources. Restitution will be determined at a later date.
According to court documents, Parks ran the scheme between January and August 2021, using fake identities and bogus corporate entities to set up fraudulent accounts with two major cloud service providers. He tricked them into granting elevated computing privileges, which he then exploited to mine nearly $1 million in cryptocurrency, including Ether, Litecoin, and Monero.
To avoid detection, Parks falsely claimed he was building an online training platform intended to serve thousands of students. In reality, no such company existed. After mining the cryptocurrency, Parks laundered the funds through a web of exchanges, NFT marketplaces, and financial institutions.
In addition to the prison sentence, Parks was ordered to forfeit $500,000 and a luxury Mercedes-Benz purchased with proceeds from the scheme.
The US seizes $2.8M in crypto from an alleged Zeppelin ransomware operator
The US authorities have seized more than $2.8 million in cryptocurrency linked to a suspected Zeppelin ransomware operator. Ianis Aleksandrovich Antropenko was indicted in Texas on charges of computer fraud and money laundering in connection with the Zeppelin ransomware campaign that ran between 2019 and 2022. The operation primarily targeted healthcare providers and IT firms by exploiting flaws in managed service provider (MSP) software.
In addition to the digital currency seizure, authorities also confiscated $70,000 in cash and a luxury vehicle believed to have been purchased with illicit proceeds.
According to the DoJ, Antropenko used a variety of tactics to launder the ransomware payments, including routing funds through the now-defunct crypto-mixing service ChipMixer, which was taken down by international law enforcement in March 2023. He also allegedly utilized crypto-to-cash exchanges and ‘structuring’ methods that involve breaking large transactions into smaller ones to evade banking regulations.
The announcement of the seizure follows similar actions targeting affiliates of the BlackSuit and Chaos ransomware gangs. In the first case, the authorities confiscated cryptocurrency and digital assets worth over $1 million received by BlackSuit in ransoms, while in the latter, the FBI seized 20 Bitcoins worth around $2.4 million from a cryptocurrency wallet linked to a high-level member of the Chaos ransomware gang.
In addition, the US authorities have imposed restrictions on Grinex, the successor to the previously sanctioned Russian crypto exchange Garantex (also sanctioned by the EU in March 2025), for facilitating money laundering for ransomware gangs. Grinex emerged after US authorities seized Garantex’s domains in March 2025, following allegations it processed $100 million in illicit transactions. Sanctions were also renewed against Garantex, its co-founders, and six affiliated companies in Russia and Kyrgyzstan.
Two Garantex administrators, Aleksandr Mira Serda and Aleksej Besciokov, were charged, with Besciokov arrested in India in March 2025. Additionally, the US State Department is offering a reward of up to $5 million for information leading to the arrests or convictions of Garantex executives.
UK hacker jailed for compromising millions of user accounts
A 26-year-old man from Rotherham, UK, has been sentenced to 20 months in prison after admitting to a large-scale hacking campaign that targeted thousands of websites and compromised millions of user accounts.
Al-Tahery Al-Mashriky pleaded guilty on March 17 to nine offenses under the UK's Computer Misuse Act, narrowly avoiding a full trial.
Al-Mashriky was arrested in 2022 following a tip-off from US law enforcement. Authorities revealed he had targeted a wide array of victims, including government websites in Yemen, an Israeli news outlet, and organizations across the United States and Canada. Investigators discovered he had illegally obtained login details for more than 4 million Facebook users and held credentials for platforms like Netflix and PayPal.
Al-Mashriky, linked to extremist groups like 'Spider Team' and 'Yemen Cyber Army,' claimed on hacking forums to have compromised over 3,000 websites. While that number couldn’t be confirmed, forensic evidence did verify several major breaches, including the Yemeni Ministries of Foreign Affairs and Security Media. Other targets included North American religious sites and the California State Water Board. He also scanned Yemeni government sites to find security flaws and user credentials.
Operator behind Rapper Bot botnet-for-hire service faces up to 10 years in prison
Ethan Foltz, a 22-year-old American man, has been charged in the United States for creating and operating a botnet-for-hire service known as “Rapper Bot” (aka “Eleven Eleven Botnet” and “CowBot”), responsible for enabling hundreds of thousands of large-scale cyber-attacks worldwide.
Rapper Bot, which comprised tens of thousands of hacked IoT devices, such as digital video recorders (DVRs), Wi-Fi routers, and other hardware, is said to have been used to launch more than 370,000 DDoS attacks from April 2025 to August 2025 alone. The attacks targeted a US government network, a major social media platform, and several major American technology companies, according to the authorities. The attacks it facilitated were capable of generating massive traffic volumes, reaching 2 to 3 terabits per second (Tbps) and potentially peaking at over 6 Tbps.
In some cases, the botnet’s clients used Rapper Bot for extortion, either by threatening to disrupt services or by following through with attacks to pressure victims into compliance.
On August 6, 2025, federal law enforcement agents executed a search warrant at Foltz’s residence in Oregon, seizing digital evidence and dismantling the Rapper Bot infrastructure. Foltz now faces a federal charge of aiding and abetting computer intrusions, an offense that carries a maximum penalty of 10 years in prison if convicted.