MGM Resorts International has become the latest victim of a cyberattack by the same group of hackers that breached Caesars Entertainment Inc. just weeks earlier, according to insiders familiar with the matter. The hackers reportedly demanded a ransom from MGM, although the details of the ransom amount and whether ransomware was used are yet to be confirmed.
Caesars Entertainment Inc. is expected to disclose the cyberattack in a regulatory filing. MGM Resorts declined to comment on the attack, stating that the investigation is ongoing and that they are implementing measures to secure their operations.
The cyberattack has disrupted MGM’s websites, reservation system, and some slot machines across its casinos in the United States. This follows a similar attack on Caesars Entertainment Inc., where the hackers were able to breach an outside IT vendor before gaining access to the company’s network.
The hackers responsible for the attacks, known as Scattered Spider or UNC3944, have targeted telecommunications and business process outsourcing companies, engaging in SIM swaps and phishing attacks to steal data and demand ransoms. The group has been described as one of the most prevalent and aggressive threat actors impacting organizations in the United States.
It is worth noting that the FBI had previously reported that Scattered Spider had leased its ransomware to other hacking groups, resulting in compromises to at least 60 entities worldwide. In the case of the MGM hack, there is speculation that Scattered Spider may have collaborated with another hacking group known as ALPHV.
The methods used by hackers to extort victims vary. While ransomware is a common tactic, some groups have shifted their focus to stealing and threatening to release sensitive data unless a ransom is paid.
The impact of the cyberattack on MGM Resorts International and Caesars Entertainment Inc. remains to be seen as investigations and security measures are ongoing.