The Scattered Spider hacking group has announced that it successfully acquired six terabytes of data from the systems of two major casino operators, MGM Resorts International and Caesars Entertainment, a Reuters news report said.
Both companies have launched investigations into the breaches.
In a communication with Reuters via the messaging platform Telegram, a representative for Scattered Spider stated that they did not intend to make the stolen data public. They also declined to comment on whether they had demanded ransom from the companies. The representative said, “If MGM wishes to release that information, they will. We do not do that.”
The group’s contact information was provided to Reuters by a cybersecurity expert who runs an online repository of malware samples known as “vx-underground” but chose to remain anonymous. Caesars and MGM have not responded to requests for comment regarding the extent of the data breach.
Caesars reported to regulators that, on September 7, hackers accessed data on a significant number of its loyalty program members, including driver’s license numbers and social security numbers. Bloomberg and The Wall Street Journal reported that Caesars had paid a ransom.
Earlier, MGM had announced that it was collaborating with law enforcement to address a “cybersecurity issue.”
Scattered Spider, also known as UNC3944, is recognized as one of the most disruptive hacking groups in the United States, according to Google’s Mandiant Intelligence. Security analysts have drawn attention to the group over the past year for its effective social engineering tactics. The group is known for phoning a target organization’s information security teams, posing as an employee in need of a password reset.
“They tend to have most of the information they need before that call to the helpdesk – that is the last step,” explained Marc Bleicher, a security analyst experienced in forensic investigations of such hacks.
Mandiant has linked Scattered Spider to over 100 intrusions in the last two years at various companies, including gaming, technology, retail, telecom, and insurance firms, according to Charles Carmakal, chief technology officer at Mandiant.
Caesars attributed the breach to a “social engineering attack” on an IT vendor it used but did not specify the financial impact.
MGM, one of the world’s largest casino and hotel operators, continued to experience disruptions in its operations four days after the hack became public, with reports of slot machines displaying error messages at its Las Vegas casinos.
Some analysts speculate that Scattered Spider may be a subgroup of ALPHV, a ransomware hacking outfit that emerged in November 2021, as indicated by Mandiant.
The FBI has confirmed it is investigating the incidents at MGM and Caesars but has not provided further details.