Cybersecurity Shockwave: Scattered Spider Hacking Group Strikes MGM Resorts and Caesars Entertainment

In a shocking development, the Scattered Spider hacking group has announced that it successfully infiltrated the systems of two major casino operators, MGM Resorts International and Caesars Entertainment, making off with a substantial six terabytes of data. As both companies are now racing to assess the full scope of the breach, this incident underscores the ever-present threat to digital data and the evolving strategies employed by cybercriminals.

A representative for the Scattered Spider hacking group communicated with Reuters through the encrypted messaging platform Telegram and made it explicit that their primary intention was not to publicly release the stolen data—a departure from the typical modus operandi of cybercriminals who often accompany data breaches with ransom demands. The spokesperson also refrained from confirming whether the group had approached either company with ransom requests, stating, “If MGM chooses to release that information, they will. We do not engage in such practices.”

The identity of the group’s contact, provided to Reuters by a cybersecurity expert overseeing the malware sample repository “vx-underground,” remains veiled in secrecy. Both Caesars and MGM have yet to disclose the exact extent of the data that was compromised.

Caesars Entertainment took the bold step of reporting the breach to regulators, revealing that on September 7, hackers accessed data related to a significant number of its loyalty program members. This data included sensitive information such as driver’s license numbers and social security numbers. Notably, Bloomberg and The Wall Street Journal previously reported that Caesars had paid a ransom in response to the attack, though Caesars itself has neither confirmed nor denied these reports.

MGM Resorts International also confirmed that it was grappling with a “cybersecurity issue.” As of the latest reports, the casino and hotel giant continues to experience disruptions to its operations, with visuals of slot machines displaying error messages circulating on social media platforms. The impact on MGM’s operations underscores the serious nature of the breach.

Scattered Spider, also known as UNC3944, has emerged as one of the most disruptive hacking groups operating in the United States, according to Google’s Mandiant Intelligence. Over the past year, this group has gained notoriety for its highly effective social engineering tactics. The hackers are known to initiate contact with an organization’s information security teams by phone, posing as employees in need of password resets.

Marc Bleicher, a security analyst with experience in investigating such hacks, noted, “They tend to have most of the information they need before that call to the helpdesk – that is the last step.” Mandiant has linked Scattered Spider to over 100 intrusions in the last two years, affecting a wide range of industries, including gaming, technology, retail, telecommunications, and insurance firms.

The multinational nature of the group’s members further complicates efforts to track and combat their activities. According to Charles Carmakal, chief technology officer at Mandiant, Scattered Spider’s members appear to be dispersed across several Western countries.

Caesars Entertainment attributed the breach to a “social engineering attack” on an IT vendor the company used. It didn’t quantify the financial impact.

Some analysts believe Scattered Spider is a subgroup of ALPHV, a ransomware hacking outfit that emerged in Nov. 2021, according to Mandiant.

The FBI said it was investigating the incidents at MGM and Caesars, and declined further comment.