A hacker group thought to be made up mostly of minors has come forward claiming to be behind the MGM Entertainment hack, four days after the hotel network’s systems went down.
MGM Resorts, the owner of several casinos and resorts around the world, continues to navigate a widespread outage after a cyberattack on Sunday forced it to shut down systems across dozens of its hotels. While the hotel chain claims it is able to keep operating as usual, users report that its systems are not operational. The hacker group Scattered Spider, well known for using social manipulation and cyber loopholes, has now claimed responsibility.
SCHUMER AI FORUM DRAWS IRE OF BIG TECH FOES IN THE SENATE
A representative of the hacker group told TechCrunch that it was behind the MGM attack on Thursday. Scattered Spider was initially suspected after the malware repository collective vx-underground claimed the hacker group was involved. The group is believed to be part of ALPHV, a network of developers who create ransomware to take over computer systems. Scattered Spider has not released any files from MGM, making it hard to confirm its claim.
Scattered Spider is a Western-based hacker group made up primarily of minors, who are recruited because they face less severe penalties under the law if caught, according to Allison Nixon, chief research officer at the cybersecurity company Unit 221B. It reportedly hit more than 130 organizations in 2022 and stole the credentials of almost 10,000 employees, according to Cloudstrike.
The cyberattack is hurting the company. MGM shares have dropped 6% since Monday. The company filed a report with the Securities and Exchange Commission on Wednesday saying that the attack represented a material risk to the company. The major credit rating agency Moody’s also warned that the attack is highlighting “key risks” within MGM Resorts.
“We are continuing to work diligently to resolve our cybersecurity issue while addressing individual guest needs promptly,” MGM said in a statement on Thursday.
Scattered Spider is believed by some officials to be behind a recent cyberattack on fellow casino operator Caesars Entertainment, which paid half of a $30 million ransom to prevent the release of stolen data. It’s unclear if the rest of the ransom was paid off by a third party or is still being paid off. The representative of Scattered Spider said it had “no involvement” in the Caesars attack, only claiming culpability for the MGM Entertainment attack.
The group alleges that it was able to able to access MGM Hotel’s account through social engineering — it found a random employee’s profile on LinkedIn and called the help desk to get access to the employee’s account.
MGM customers reported that they were unable to charge expenses to their room, use their keys, or access ATMs. Others reported that the hotel’s gambling hardware was inactive.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The hack has affected systems across the U.S., including several hotels in Las Vegas as well as the MGM National Harbor location.
The FBI, Las Vegas Police Department, and MGM did not respond to requests for comment from the Washington Examiner.
