MGM Hack Led by Same Group That Attacked Caesars Entertainment

Listen to this news articleLISTEN TO THIS ARTICLE:

The recent cyberattack that hit MGM Resorts International and several of its properties is likely not an isolated incident. New information is surfacing that points the finger at a group of hackers that also recently hit casino operator Caesars Entertainment and possibly others.

Ransomware Attacks Target Gaming Industry

MGM was targeted by hackers who demanded payment in exchange for restoring access to the company's files. The exact amount of the ransom remains unknown, as well as whether the hackers employed ransomware to encrypt the files.

Four individuals familiar with the situation have revealed that MGM Resorts fell victim to a cyberattack from the identical group of perpetrators who had successfully infiltrated Caesars Entertainment a few weeks prior.

Caesars is remaining silent about the breach, yet it is anticipated that they will soon come forward and reveal the details of the cyberattack through official required filings. Nevertheless, undisclosed sources confirm that Caesars ultimately succumbed to paying hackers a substantial sum of money, reaching tens of millions of dollars.

These sources, who wish to remain anonymous due to the confidential nature of the matter, revealed that the hackers initially infiltrated an external IT vendor before successfully penetrating the inner workings of the company's network, as confirmed by two of the individuals.

On Tuesday, MGM issued a statement stating that the investigation is still in progress. The company asserted that it remains committed to enforcing measures for safeguarding its business activities.

Scattered Spider behind Attacks

According to two individuals, MGM was actively engaged in resolving the chaos triggered by the cyberattack carried out by a group known as Scattered Spider. Despite four days passing since the incident occurred, the hackers managed to disrupt various aspects of the company, including its websites, reservation system, and even some of the slot machines at its casinos nationwide.

A cybersecurity expert well-acquainted with Scattered Spider, alternatively referred to as UNC3944, has revealed that this group comprises young hackers ranging from the ages of 19 and up, hailing from the US and the UK.

The collective has set its sights on telecommunication and business process outsourcing firms in order to execute SIM swaps, a technique enabling them to seize control of phone numbers. This, in turn, facilitates phishing attacks to steal data from vulnerable systems and extract a ransom.

In a declaration by the FBI from April of last year, it was disclosed that the notorious group, known for its malicious activities involving ransomware, had made the decision to offer its hacking software to other parties. This collaboration has brought detrimental consequences to at least 60 different organizations across the globe, leaving them compromised and vulnerable. Additionally, informed sources have revealed a potential association between Scattered Spider and another entity called ALPHV, particularly in relation to the MGM hack case.