Scattered Spider, a notorious hacking group, has claimed responsibility for the recent cyberattack on MGM Resorts.
MGM Resorts, a leading player in the hospitality and entertainment industry, continues to wrestle with a widespread outage resulting from a cyberattack. This situation has forced the company to shut down various systems across its extensive properties.
This renowned establishment, responsible for managing multiple hotels and casinos along the famous Las Vegas Strip, including the Bellagio, Aria, and Cosmopolitan, had to deactivate substantial segments of its internal networks last Sunday. This action has led to significant disruptions across its hotels and casinos. Guests have reported a range of issues, from malfunctioning ATMs and slot machines to non-operational room digital key cards and electronic payment systems.
The outage has now reached its fourth day, with MGM acknowledging in an update provided on Thursday that it is actively working to “resolve our cybersecurity issue.” Unfortunately, guests continue to encounter difficulties across MGM properties, despite the company’s earlier assurances during the week that its resorts, covering dining, entertainment, and gaming, remain “currently operational.”
Recent reports circulating on social media indicate that MGM’s casinos remain nonfunctional, resulting in long queues at affected properties as employees resort to using traditional pen and paper methods. Guests have also reported the absence of TV service in their hotel rooms, along with issues regarding MGM’s phone lines.
MGM’s official website, which initially recommended guests to make reservations via phone on Tuesday, has since redirected customers to utilize its Rewards app for booking purposes. The website also communicates that MGM is being flexible by waiving change and cancellation fees for guests arriving until September 17.
MGM’s Response to the Scattered Spider Attack
A spokesperson from the hacking group Scattered Spider has claimed responsibility for the MGM cyberattack. Initial reports emerged from vx-underground, a malware research collective, connecting Scattered Spider, potentially a branch of the ALPHV ransomware gang, to the attack. ALPHV typically employs a dark web platform for posting stolen data, but MGM’s data has not yet surfaced there, leaving the extent of the breach uncertain.
Recent reports also suggest Scattered Spider’s involvement in a cyberattack on Caesars Entertainment, commencing in late August, exploiting vulnerabilities in an external IT vendor. Caesars reportedly paid about half of the $30 million ransom to avert data exposure. They confirmed the breach in an 8-K filing, disclosing stolen customer data, including driver’s license and Social Security numbers, and attempted data deletion by the unauthorized actor, hinting at a ransom payment.
Scattered Spider claimed responsibility for the MGM attack but denied involvement in the Caesars incident. When asked about shifting their focus from video game and telecom companies to casinos, their response was clear: “If there’s money involved, we’re interested.” They employed social engineering on LinkedIn to breach MGM, and their ranks include young adults and teenagers known for such tactics. MGM has not divulged additional details beyond the 8-K filing. The FBI is actively investigating both incidents, yet they have not disclosed further information. U.S. authorities strongly discourage ransom payments. Representatives from both Caesars and MGM have not responded to inquiries, and it remains uncertain if MGM employees can access their corporate email.
