An exterior view of the Park MGM Hotel and Casino after MGM Resorts shut down some computer systems due to a cyber attack in Las Vegas, Nevada, USA, September 13, 2023. Portal/Bridget Bennett Acquires License Rights
Sept 14 (Portal) – The hacking group Scattered Spider said on Thursday it had stolen six terabytes of data from the systems of billion-dollar casino operators MGM Resorts International (MGM.N) and Caesars Entertainment (CZR.O) and was investigating the breaches.
Speaking to Portal on messaging platform Telegram, a representative for the group said it had no plans to publish the data and declined to comment on whether it had asked the companies for ransom. “If MGM wishes to release this information, it will do so. We don’t do that,” the person said.
The group’s contact was told to Portal by a cybersecurity expert who runs an online repository of malware samples called vx-underground and declined to be named. Caesars and MGM did not respond to requests for comment on the amount of data breached.
Caesars reported to regulators Thursday that it discovered that hackers stole data on a significant number of its loyalty program members on Sept. 7, including “driver’s license numbers and/or Social Security numbers.” Previously, Bloomberg and the Wall Street Journal reported that Caesars had paid a ransom, but Caesars declined a Portal request for comment on the matter.
MGM previously said it was working with law enforcement to resolve a “cybersecurity issue.”
According to Google’s Mandiant Intelligence, Scattered Spider, also known as UNC3944, is one of the most devastating hacking companies in the United States.
Several security analysts drew attention to the group last year for its effective social engineering tactics. People have been known to contact an organization’s information security teams by phone pretending to be an employee who needs to reset their password.
“They typically have most of the information they need before they call the help desk – that’s the final step,” said Marc Bleicher, a security analyst who has conducted forensic investigations into such hacks.
Mandiant has linked Scattered Spiders to over 100 intrusions in the past two years at companies ranging from gaming and technology firms to retailers, telecommunications and insurance companies, Charles Carmakal, chief technology officer at Mandiant, told Portal.
The group’s members appeared to be scattered across several Western countries, he added.
Caesars said the breach was due to a “social engineering attack” on an IT vendor used by the company. The financial impact has not been quantified.
Operations at MGM, one of the world’s largest casino and hotel operators, were still disrupted four days after the hack was reported. Social media posts featured images of slot machines displaying error messages at Las Vegas casinos.
According to Mandiant, some analysts believe that Scattered Spider is a subgroup of ALPHV, a ransomware hacking group that was founded in November 2021.
The FBI said it was investigating the incidents at MGM and Caesars and declined further comment.
Reporting by Zeba Siddiqui in San Francisco, Christopher Bing in Washington and Priyamvada C and Abhijith Ganapavaram in Bengaluru; Edited by Krishna Chandra Eluri and David Gregorio
Our standards: The Trust Principles.
Acquire license rights, opens new tab