‘Scattered Spider’ Named as Likely Suspect in MGM Resorts Hack

MGM

Authorities have reportedly identified the source of the hack that crippled Las Vegas’ biggest casino group.

A group of hackers dubbed “Scattered Spider” is the likely suspect in this week’s cyberattack on MGM Resorts, the Financial Times (FT) reported Thursday (Sept. 14).

The group targeted MGM and several other Western companies to try to get them to fork over ransom payments, the report said, citing unnamed sources.

MGM Resorts announced Monday (Sept. 11) that it was dealing with a cybersecurity problem that had caused outages across its properties.

“We also notified law enforcement and took prompt action to protect our systems and data, including shutting down certain systems,” MGM wrote in a post on X, formerly Twitter.

The attack continued to cause problems Wednesday, with MGM’s websites down, forcing the company to send prospective guests to third-party sites to book stays. Guests already at the resort found restaurants and bars that only took cash and shuttered slot machines.

The situation has gotten the attention of the FBI and state officials, the FT reported.

“Governor [Joe] Lombardo and the Nevada Gaming Control Board are monitoring the cybersecurity incident with MGM Resorts and are in communication with company executives,” the board said in a statement on X Wednesday. “Additionally, the NGCB remains in communication with other law enforcement agencies.”

This week also brought news that Caesars Entertainment, the operator of Caesars Palace in Las Vegas, fell victim to its own cyberattack over the summer and paid an approximately $15 million ransom to the hackers. The company is expected to reveal the attack in a Securities and Exchange Commission (SEC) filing.

Caesars Entertainment did not immediately reply to PYMNTS’ request for comment.

It is not clear whether the two cyberattacks are related.

Charles Carmakal, chief technology officer at Mandiant, whose company has tracked Scattered Spider for two years, told FT the group is relatively new on the ransomware scene but has hit at least 100 organizations, mostly in North America.