On Tuesday, a group of cybercriminals calling themselves ALPHV/BlackCat disrupted the MGM Resorts casino network. The hackers claim to have obtained confidential information and are demanding a ransom, but the company has so far refused to pay. Meanwhile, the casino chain Caesars Entertainment allegedly paid “tens of millions of dollars” to hackers who threatened to release stolen information, including customer data. The hack was carried out by the Scattered Spider group, although ALPHV also insists on its involvement.
On Tuesday, MGM Resorts experienced outages at its slot machines. As of Wednesday morning, MGM Resorts still showed signs of a breach, including outages on the company’s website. MGM Resorts itself states: “Resorts, including dining, entertainment and gaming, are currently operating”.
ALPHV used social engineering techniques to launch the cyberattack on the international hotel and casino chain. The hackers claim it took only a 10-minute phone call to hack MGM Resorts: it was enough for the criminals to find the details of casino employees on LinkedIn and then call support.
ALPHV has a good reputation in the cybersecurity community as “an outstanding specialist in the field of social engineering for initial access.” After a hack, the group typically uses ransomware to force the victim to pay. The hackers primarily attack large companies; in particular, in July, ALPHV, together with other hackers, managed to leak data from the website of cosmetics giant Estée Lauder.
Caesars Entertainment paid “tens of millions of dollars” to hackers who threatened to make company data public. The attack was carried out by a group called Scattered Spider (also known as UNC3944), which used social engineering to bypass the security of the company’s network. The attack on Caesars began on August 27 with access to the company’s external supplier, after which the criminals managed to penetrate the Caesars Entertainment network.
The Scattered Spider group became active in May 2022 and is involved in attacks on telecommunications and business outsourcing organizations. Members of the group pose as IT personnel and use social engineering and other tools to convince company representatives to grant remote access. They also successfully exploit vulnerabilities and use special hacking tools to bypass security software.