National Cyber Warfare Foundation (NCWF)

Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs


2023-09-14 16:42:33
milo
Blue Team (CND)


A breach of two Las Vegas casino operators is shining a spotlight on the Scattered Spider and ALPHV hacking groups.


The post Groups linked to Las Vegas cyber attacks are prolific criminal hacking gangs appeared first on CyberScoop.



A pair of criminal hacking groups have been linked with attacks in recent weeks on two prominent Las Vegas hotel and casino operators that have left one struggling to resume operations and reportedly prompted the other to pay a multimillion-dollar ransom.





The attacks on MGM Resorts and Caesars Entertainment have resulted in widespread outages at MGM properties, and according to a Wall Street Journal report, forced Caesars to pay roughly half of a $30 million ransom demand.





Exactly who is behind the attacks remains unclear, but two hacking groups have been linked with the breaches: ALPHV and Scattered Spider. A person claiming to be a member of the latter group told CyberScoop that their group was responsible for the attack on MGM but denied responsibility for the breach of Caesars. Earlier this week VX-Underground, a well-known online malware research repository, wrote on the social media platform X that an ALPHV representative said they were behind the MGM hack.





In a Thursday regulatory filing, Caesars confirmed that the company had identified “suspicious activity in its information technology network resulting from a social engineering attack on an outsourced IT support vendor” used by the company. The attackers gained a copy of “among other data, our loyalty program database, which includes driver’s license numbers and/or social security numbers for a significant number of members in the database,” the company said.





Caesars said it took steps “to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” the company reported, in what may have been a veiled reference to the reported ransomware payment.





Neither Caesars nor MGM responded to multiple requests for comment. The FBI acknowledged to the Associated Press on Tuesday that it was investigating the matter, but a spokesperson for the FBI’s Las Vegas field office declined to comment further on Wednesday.





As of Thursday, MGM appears to still be struggling to recover from the attack. The company’s website remains down, and reports on social media show digital slot machines bearing error messages.





The member of Scattered Spider who spoke with CyberScoop said that negotiations with MGM were ongoing but would not disclose the terms of any demands. The individual claimed that stolen data included customer information, sexual abuse incident reports and other corporate records. The individual’s claims could not be independently verified.





“If MGM decide they want to discuss if they paid or how much is completely up to them, if they decide they want to pay the money we assure them their systems wont [sic] be breached again,” the person said in an online chat.





The two groups linked to the attacks on the two casino operators, Scattered Spider and ALPHV, are aggressive online criminal groups with a well-documented history of carrying out ransomware attacks.





Scattered Spider is the name given to a financially motivated hacking group by private industry researchers. The group was likely behind a “massive phishing campaign” targeting Okta, the U.S.-based authentication firm, which led to follow-on attacks against users of the Signal messaging app, Twilio and Cloudflare, cybersecurity firm Group-IB reported in August 2022.





Scattered Spider has been active since May 2022 and mostly attacked telecommunications and business process outsourcing organizations until recently, when it began targeting other sectors, including critical infrastructure, according to an Aug. 17 analysis from cybersecurity firm Trellix.





The group “heavily relies on email and SMS phishing attacks and have also been observed attempting to phish other users within an organization once they’ve gained access to employee databases,” according to a May 2023 Mandiant analysis.





Charles Carmakal, Mandiant’s chief technology officer, called Scattered Spider “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.” The group’s members may be “less experienced and younger” than more established criminal hacking groups, but they are “native English speakers and are incredibly effective social engineers,” Carmakal added, referring to the practice of tricking or persuading a person with access to a particular company or network to provide access to someone not authorized to have it.





The exact relationship between Scattered Spider and ALPHV is difficult to determine. Scattered Spider is considered a distinct, financially motivated cybercrime group that has demonstrated connections to the ALPHV ransomware operation by using some of its tooling, experts say. ALPHV, also known as BlackCat, is a well-known ransomware operation and was perhaps the first entity to operate ransomware written in the Rust programming language in the wild.





The Scattered Spider member who spoke with CyberScoop described their group as a well-known affiliate of ALPHV.





So far ALPHV does not appear to have claimed responsibility for the attack on Caesars, despite unconfirmed reports that they were behind the attack.





Source: CyberScoop
Source Link: https://cyberscoop.com/las-vegas-mgm-caesars-cyber-attack/

