MGM, Caesars reportedly hacked by same group within weeks; Caesars allegedly paid millions in ransom

The cyber incident that caused a widespread shutdown of IT systems at MGM Resorts International was reportedly carried out by the same group of attackers that breached Caesars Entertainment Inc. just weeks earlier.

Citing unnamed sources, Bloomberg reported that Caesars ended up paying tens of millions of dollars to the hackers. The breach initially occurred when the hackers infiltrated an external IT vendor before gaining unauthorized access to the company's network.

Sources indicated the publication that the hackers, known by the moniker "Scattered Spider," demanded a ransom from MGM Resorts International as well. The exact amount of the ransom and whether ransomware was employed to encrypt the company's files remains unclear.

As per the report, Caesars is expected to disclose details of the cyberattack in an imminent regulatory filing. Responding to Bloomberg, MGM Resorts declined to comment on the attack, stating that an investigation is ongoing and that they are actively implementing security measures to safeguard their operations.

The alleged cyberattack by Scattered Spider has caused significant disruption for MGM Resorts, impacting the company's websites, reservation system, and certain slot machines at its casinos across the United States, as confirmed by insiders to the publication.

Scattered Spider, also known as UNC3944, is a cybercriminal group composed of hackers primarily based in the United States and the United Kingdom, Bloomberg pointed out, citing a cybersecurity researcher familiar with the group.

The hackers include individuals as young as 19 years old. Scattered Spider has a track record of targeting telecommunications and business process outsourcing companies, employing techniques such as SIM swaps of phone numbers to execute phishing attacks, steal data, and extort ransoms.

Charles Carmakal, Chief Technical Officer for Mandiant Inc., which is part of Google Cloud, characterized Scattered Spider to Bloomberg as "one of the most prevalent and aggressive threat actors impacting organizations in the United States today."

The group came to Mandiant's attention in May 2022. Carmakal noted that many members of the group are highly effective social engineers and have started using ransomware encryptors. At times, they expose victims to infrastructure used by another hacking group known as ALPHV.

The FBI, in April 2022, reported that Scattered Spider had leased its ransomware to other entities, leading to compromises in at least 60 organizations worldwide. In the case of the alleged MGM hack, there are indications that Scattered Spider may have collaborated with ALPHV, the report said, citing two people familiar with the group’s operations.