MGM Resorts Breached by ‘Scattered Spider’ Hacking Group


MGM Resorts is still dealing with severe outages as a result of a hack that led it to shut down systems across its facilities. 

MGM, which owns and runs several Las Vegas Strip hotels and casinos, including the Bellagio, Aria, and Cosmopolitan, took down large parts of its internal networks on Sunday. 

This caused considerable disruption throughout the company’s hotels and casinos, with customers claiming that ATMs and slot machines, as well as room digital key cards and electronic payment systems, were out of service. 

The downtime has now entered its fifth day, with MGM noting in a Thursday statement that it was attempting to “resolve our cybersecurity issue.” Guests continue to report problems at MGM locations, despite the company’s earlier assurance that its resorts, including restaurants, entertainment, and gaming, are “currently operational.”

Recent social media reports indicate that MGM’s casinos are still closed and that long lines have formed at affected sites as staff have resorted to using pen and paper. Guests have also claimed that TV service in hotel rooms is unavailable, as are MGM’s phone lines. 

MGM’s website, which previously urged guests to call in order to make reservations, now instructs them to use its Rewards app to make reservations. According to the website, MGM is also waiving change and cancellation costs for customers arriving until September 17. 

Earlier this week, Scattered Spider, a hacking gang, claimed that it was responsible for the MGM breach. The claim of responsibility was initially published by the malware repository collective vx-underground, which announced on Wednesday that Scattered Spider, thought to be a subgroup of the ALPHV ransomware gang, was to blame.

MGM is not yet included on the dark web leak site where ALPHV regularly posts files stolen from victim organisations. 

It is unclear what, if any, data was stolen from MGM’s networks.

Scattered Spider, also known as UNC3944, is alleged to have been responsible for a recent cyberattack on Caesars Entertainment, claimed multiple reports this week. Bloomberg reported the incident on Wednesday, citing people with direct knowledge of it. 

According to Bloomberg, the hackers began attacking the gigantic hotel and entertainment company in late August by breaking into one of its external IT contractors. Later, Wall Street Journal reported that Caesars paid roughly half of the $30 million the hackers requested to keep their stolen data from being made public.

%d bloggers like this: