- MGM Resorts and Caesars Entertainment were compromised by data breaches within weeks of each other.
- Scattered Spider, the hacking group, tricks people into handing over access to private systems.
- A cybersecurity expert says Scattered Spider is comprised of mostly young adults from the US and UK.
Weeks after Caesars Entertainment reportedly ponied up a $15 million ransom to hackers, a group known as Scattered Spider has targeted another major US casino operator: MGM Resorts.
It breached the company's internal networks and caused a series of digital outages — the MGM website was still down as of Thursday, and social media users were posting pictures of slot machines gone dark in Las Vegas.
Bloomberg reported that members of Scattered Spider used social engineering — a technique in which a hacker employs human interaction to gain access to a computer system. This can mean using an email phishing scheme or scam phone call to trick people into handing over the digital keys to a corporate network.
In the case of Caesars, the hackers made contact with an outside IT vendor as early as late August to eventually get into the casino operator's systems, Bloomberg reported, citing people familiar with the matter. Caesars eventually paid a $15 million ransom, CNBC reported.
On Sunday, the hacker group started to infiltrate MGM Resorts, leading to a shutdown of some of the brand's casino and hotel computer systems, like its corporate email, restaurant reservation, hotel booking, and digital key card access, CNBC said. The hackers also asked for a ransom from MGM, Bloomberg reported, citing two people familiar with the matter. It wasn't clear how the hackers were able to penetrate MGM's network.
The data breach is still affecting MGM's computer systems, four days after the initial attack. The company, in a message posted on X, said it was continuing "to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly."
MGM's website was still down as of late Thursday in New York, while users have taken to social media to showcase some apparently inoperable gambling machines at the company's Las Vegas location.
Scattered Spider is believed to be an offshoot of ALPHV, a ransomware gang, according to TechCrunch, with a representative of the group claiming responsibility for the MGM hack, but denying any involvement with the Caesar's breach. Still, Bloomberg reported the group was responsible for both of the attacks, citing four people it said were familiar with the matter.
Meanwhile, Charles Carmakal, chief technical officer for Mandiant Inc., a cyber defense company that is part of Google Cloud, posted to LinkedIn that the group is comprised of many members who "are native English speakers and are incredibly effective social engineers." Some are as young as 19, researchers say, according to Bloomberg.
"Although members of the group may be less experienced and younger than many of the established multifaceted extortion/ransomware groups and nation state espionage actors, they are a serious threat to large organizations in the United States," Carmakal said in his LinkedIn post.
Ultimately, the hacks on both companies were disclosed to investors. Caesars Entertainment filed a Form-8K with the US Securities and Exchange Commission, noting that it "incurred, and may continue to incur, certain expenses related to this attack, including expenses to respond to, remediate and investigate this matter." It said some costs could be offset by cybersecurity or other insurance claims.
MGM Resorts followed suit, filing its own Form-8K with the SEC. Forms-8K are documents filed with the SEC "to announce major events that shareholders should know about," the SEC says. The stock of both Caesars and MGM was up on Thursday.
Ransomware attacks, which broadly define the hacks that Scattered Spider used to gain access to both company's networks, reached new heights during the COVID-19 pandemic, prompting the US Treasury Department to issue guidance that urged victims not to pay attackers.
MGM Resorts and Caesars Entertainment both did not immediately respond to Insider's request for comment.