'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.
September 14, 2023
A threat group called "Scattered Spider" is reportedly behind the Sept. 10 MGM Resorts cyberattack, which days later is still keeping systems offline across the conglomerate's more than 30 hotels and casinos scattered around the globe.
According to a Reuters report that attributes the attack, citing sources familiar with the matter, the Scattered Spider ransomware group is believed to be made up of young adults in the US and UK. The group is known for using social engineering schemes to trick users into handing over their login credentials and is tracked as an affiliate for the BlackCat/ALPHV ransomware.
Scattered Spider also recently targeted Caesars Entertainment, which paid tens of millions in ransom to the cyberattackers, according to Bloomberg, which added that Caesars is expected to submit a required SEC regulatory filing in the coming days with more details on the attack. The group began targeting Caesars in late August, sources said.
"Scattered Spider (aka Roasted 0ktapus, UNC3944) leverages a combination of credential phishing and social engineering to capture one-time-password (OTP) codes, or it overwhelms targets using multifactor authentication (MFA) notification fatigue tactics,” according to a CrowdStrike report on the cybercrime group from January. “Having obtained access, the adversary avoids using unique malware, instead favoring a wide range of legitimate remote management tools to maintain persistent access.”
In the meantime, MGM Resorts websites remain down, and the investigation into the breach is ongoing.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024