The Scattered Spider hacking group said on Thursday it took six terabytes of data from the systems of multibillion-dollar casino operators MGM Resorts International and Caesars Entertainment as both companies probed the breaches.
Speaking to Reuters via the messaging platform Telegram, a representative for the group said it did not plan to make the data public and declined to comment on whether it had asked the companies for ransom.
The group’s contact was provided to Reuters by a cybersecurity expert who runs an online repository of malware samples called “vx-underground,” and declined to be named. Caesars and MGM did not respond to requests for comment on the amount of data that was breached.
Caesars reported to regulators on Thursday it had found that on Sept. 7 hackers took data on a significant number of its loyalty program members, including “driver’s license numbers and/or Social Security numbers.” Earlier, Bloomberg and The Wall Street Journal reported that Caesars had paid ransom, but Caesars declined a Reuters request for comment on the matter.
Earlier, MGM said it was working with law enforcement on resolving a “cybersecurity issue.”
Scattered Spider, also known as UNC3944, is one of the most disruptive hacking outfits in the United States, according to Google’s Mandiant Intelligence.
Several security analysts have drawn attention to the group over the past year for its effective social engineering tactics. It is known to reach out to a target an organization’s information security teams by phone, pretending to be an employee needing their password reset.
“They tend to have most of the information they need before that call to the helpdesk – that is the last step,” said Marc Bleicher, a security analyst who has conducted forensic investigations into such hacks before.
Mandiant has linked Scattered Spider to over 100 intrusions in the last two years at companies ranging from gaming and technology firms to retailers, telecom and insurance firms, Charles Carmakal, chief technology officer at Mandiant told Reuters.
The group’s members appeared to be scattered across several Western countries, he added.
Caesars said the breach resulted from a “social engineering attack” on an IT vendor the company used. It didn’t quantify the financial impact.
Operations at MGM, one of the world’s largest casino and hotel operators, were still disrupted four days after news of the hack emerged. Social media posts had visuals of slot machines showing error messages at its Las Vegas casinos.
Some analysts believe Scattered Spider is a subgroup of the ALPHV, a ransomware hacking outfit that emerged in Nov. 2021, according to Mandiant.
The FBI said it was investigating the incidents at MGM and Caesars and declined further comment.