A threat group called "Scattered Spider" is reportedly behind the Sept. 10 MGM Resorts cyberattack, which days later is still keeping systems offline across the conglomerate's more than 30 hotels and casinos scattered around the globe.
According to a Reuters report, which attributes the attack to Scattered Spider citing sources familiar with the matter, the ransomware group is believed to be made up of young adults in the US and UK. The group is known for using social engineering schemes to trick users into handing over their login credentials and is tracked as an affiliate of the BlackCat/ALPHV ransomware.
Scattered Spider also recently targeted Caesars Entertainment, which paid tens of millions in ransom to the cyberattackers, according to Bloomberg, which added that Caesars is expected to submit a required SEC regulatory filing in the coming days with more details on the attack. The group began targeting Caesars in late August, sources said.
"Scattered Spider (aka Roasted 0ktapus, UNC3944) leverages a combination of credential phishing and social engineering to capture one-time-password (OTP) codes, or it overwhelms targets using multifactor authentication (MFA) notification fatigue tactics,” according to a CrowdStrike report on the cybercrime group from January. “Having obtained access, the adversary avoids using unique malware, instead favoring a wide range of legitimate remote management tools to maintain persistent access.”
In the meantime, MGM Resorts websites remain down, and the investigation into the breach is ongoing.