MGM Resorts International fell victim to a cyberattack perpetrated by the same group of hackers who had previously breached Caesars Entertainment just weeks before, as revealed by four sources with knowledge of the situation.
Two of these sources disclosed that the hackers had demanded a ransom from MGM, although the exact amount and whether they employed ransomware to encrypt the company’s files remained unclear.
Caesars Entertainment did not respond to requests for comment, but it is anticipated that the company will soon report the cyberattack in a regulatory filing.
MGM, on the other hand, declined to address inquiries regarding the incident. In an official statement on Tuesday, MGM confirmed that an ongoing investigation was underway and reiterated its commitment to implementing additional security measures to safeguard its business operations.
As of the fourth day following the cyberattack, MGM was still grappling with the disruptions caused by the hackers, who go by the moniker “Scattered Spider.” Their activities had disrupted MGM’s websites, reservation system, and even some of the slot machines at its casinos nationwide, as indicated by two of the sources.
This group, Scattered Spider, also known as UNC3944, comprises hackers hailing from the United States and the United Kingdom, with some members as young as 19, according to a cybersecurity researcher familiar with their operations. Their modus operandi involved targeting telecommunications and business process outsourcing companies, executing SIM swaps on phone numbers to facilitate phishing attacks, data theft, and ransom extortion.
Charles Carmakal, Chief Technical Officer for Mandiant Inc., a part of Google Cloud, characterized Scattered Spider as “one of the most prolific and aggressive threat actors impacting organizations in the United States today.” Mandiant first encountered this group in May 2022.
Carmakal highlighted that many group members are young native English speakers and excel in social engineering tactics. In addition to ransomware, they have ventured into deploying encryptors and occasionally exposed victims on infrastructure shared with another hacking group, ALPHV.
The FBI reported in April 2022 that Scattered Spider had leased its ransomware to others, leading to compromises of at least 60 entities worldwide.
In the case of the MGM breach, there were indications that Scattered Spider may have collaborated with ALPHV, as confirmed by two sources familiar with the groups’ operations.
To extort money from their victims, hackers employ various techniques, including the use of ransomware, a type of malware that encrypts a victim’s computer files. The hackers then promise to provide a decryption key upon payment of an extortion fee.