'Scattered Spider' Behind MGM Cyberattack, Targets Casinos

The ransomware group is a collection of young adults who also recently breached Caesars Entertainment and made a ransom score in the tens of millions.

1 Min Read
Spiderweb image
Source: Tim Plowden via Alamy Stock Photo

A threat group called "Scattered Spider" is reportedly behind the Sept. 10 MGM Resorts cyberattack, which days later is still keeping systems offline across the conglomerate's more than 30 hotels and casinos scattered around the globe.

According to a Reuters report that attributes the attack, citing sources familiar with the matter, the Scattered Spider ransomware group is believed to be made up of young adults in the US and UK. The group is known for using social engineering schemes to trick users into handing over their login credentials and is tracked as an affiliate for the BlackCat/ALPHV ransomware.

Scattered Spider also recently targeted Caesars Entertainment, which paid tens of millions in ransom to the cyberattackers, according to Bloomberg, which added that Caesars is expected to submit a required SEC regulatory filing in the coming days with more details on the attack. The group began targeting Caesars in late August, sources said.

"Scattered Spider (aka Roasted 0ktapus, UNC3944) leverages a combination of credential phishing and social engineering to capture one-time-password (OTP) codes, or it overwhelms targets using multifactor authentication (MFA) notification fatigue tactics,” according to a CrowdStrike report on the cybercrime group from January. “Having obtained access, the adversary avoids using unique malware, instead favoring a wide range of legitimate remote management tools to maintain persistent access.”

In the meantime, MGM Resorts websites remain down, and the investigation into the breach is ongoing.

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights