close
close
darbo

Five defendants charged in connection with 2023 MGM cyber attacks, Caesars

Posted on by Nargang
Five defendants charged in connection with 2023 MGM cyber attacks, Caesars

LAS VEGAS (KTNV) — Five people are facing federal charges in connection with a notorious hacker group believed to be behind a string of high-profile cyberattacks, including those that crippled MGM Resorts and Caesars Entertainment in September 2023.

“Linkedin is a great tool and resource, everyone networks there. It’s also a bad actor’s best friend,” said Patrick Harr, CEO of SlashNext.

Unfortunately for MGM Resorts International, that’s all it took. In September 2023, hackers accessed MGM systems by impersonating a company employee on the network site and then calling MGM’s IT help desk to access the network.

“There are many different ways to get into the network and once you do that, all bets are off,” Harr said.

A few weeks earlier, Caesars Entertainment was also attacked by hackers, who compromised its customer loyalty database, which included the Social Security number and driver’s license number of millions of customers.

“Ransomware actors are constantly looking for where the biggest impact is where they can get the biggest ransom,” Harr said.

On Wednesday, the U.S. Attorney’s office for the Central District of California announced indictments that reveal the group operates under the name “Scattered Spider.” The group targeted at least 100 organizations and stole millions of dollars in cryptocurrencies.

The defendants, aged between 20 and 25, face charges of conspiracy, wire fraud and identity theft.

While the release did not directly name MGM or Caesars, cybersecurity reports confirm the group’s involvement in both attacks.

“If you think about the amount of money that’s being transferred every day inside MGM or Caesar’s, just a hotel, a casino, let alone everything else, that’s a big disruption to their environment so they know if they’re able . to hijack those systems, that the ransom is more likely to be paid,” Harr said.

The attacks caused massive disruption at both casinos. Caesars reportedly paid a $15 million ransom to the hackers, while MGM refused to negotiate, ultimately facing an estimated $100 million in damages.

MGM’s systems were so badly affected that employees had to resort to manual methods to register guests and process reservations.

“At the end of the day, this is very profitable, so these types of groups operate just like any other corporation where it’s all about making money,” Harr said.

While authorities are still working out the full scope of the operation, Harr says the arrests are a significant step in addressing the growing threat of sophisticated cybercriminals.