Home > Legal & compliance > Legal > Hacker group claims responsibility for MGM cyberattack

Hacker group claims responsibility for MGM cyberattack

| By Zak Thomas-Akoo
Hacker group Scattered Spider, believed to be part of the ALPHV ransomware collective, has claimed responsibility for the security breach at MGM Resorts International.

In an unverified statement reportedly posted on ALPHV’s darknet leak site, Scattered Spider detailed how the MGM hack took place.

The group said it threatened to wreck more havoc if MGM did not meet their demands for payment. It also outlined their attempts to contact MGM senior leadership, who the hackers claim could contact them if they wished.

“We still continue to have access to some of MGM’s infrastructure,” said the hacker group. “If a deal is not reached, we shall carry out additional attacks.

“We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us.”

Scattered Spider said MGM decided to shut down its servers and large parts of its IT infrastructure on 10 September after it discovered the group attempting to uncover passwords.

The next day, the group launched wide ranging ransomware attacks at various parts of MGM’s remaining infrastructure.  

On Monday, MGM released a statement notifying the public that “certain systems” had been breached by hackers. The operator said it is working with external cybersecurity experts to solve the issue. The FBI is also reportedly looking into the incident.

MGM refuses to pay ransom

If the statement is correct, MGM’s refusal to pay the ransom is in contrast to one of its biggest competitors on the Las Vegas Strip.

According to unnamed sources quoted in the Wall Street Journal, Ceasars Entertainment paid approximately $15m to the group after it threatened to release sensitive customer data.

This figure was reportedly half of the $30m that the group originally demanded.

Caesars confirmed the security breach yesterday. In an SEC filing it detailed how the hackers had gained access to its loyalty programme database. This database contains driving licence numbers and social security numbers belonging to customers.

Disruptions continue at MGM

MGM did not confirm which IT systems had been affected. However, social media posts reported thousands of hotel rooms had stopped working and slot machines were frozen.

According to reports, Scattered Spider gained access to MGM’s system through “phishing” techniques including phone calls to gain access to login details.

Subscribe to the iGaming newsletter