On Thursday, MGM Resorts (NYSE:MGM) and Caesars (NASDAQ:CZR) Entertainment faced significant disruption due to the cyberattacks by a hacking group known as Scattered Spider. The group, comprised of mostly young adults from the US and UK, uses social engineering techniques to trick individuals into granting access to private systems.
The breach on MGM Resorts led to a series of digital outages. The company's website was down as of Thursday, and social media users posted pictures of slot machines gone dark in Las Vegas. The hacker group infiltrated MGM Resorts' systems on Sunday, causing a shutdown of various computer systems including corporate email, restaurant reservation, hotel booking, and digital key card access. The hackers also demanded a ransom from MGM, though the method they used to penetrate the network remains unclear.
Meanwhile, Caesars Entertainment was also targeted by the same hacker group. The attack on Caesars began in late August when the hackers contacted an outside IT vendor to gain access to the casino operator's systems. Caesars eventually paid a $15 million ransom.
Scattered Spider is believed to be an offshoot of ALPHV, a ransomware gang. A representative of the group claimed responsibility for the MGM hack but denied any involvement with the Caesar's breach. However, Bloomberg reported that Scattered Spider was responsible for both attacks.
Charles Carmakal, chief technical officer for Mandiant Inc., a cyber defense company that is part of Google (NASDAQ:GOOGL) Cloud, posted on LinkedIn that despite the group's members being less experienced and younger than many established ransomware groups, they pose a serious threat to large organizations in the United States.
Both companies disclosed the hacks to investors. Caesars Entertainment filed a Form-8K with the US Securities and Exchange Commission (SEC), noting that it incurred expenses related to this attack. Some costs could be offset by cybersecurity or other insurance claims. MGM Resorts followed suit, filing its own Form-8K with the SEC. Despite the attacks, the stock of both Caesars and MGM was up on Thursday.
Ransomware attacks like those used by Scattered Spider to access both companies' networks have surged during the COVID-19 pandemic, prompting the US Treasury Department to issue guidance urging victims not to pay attackers. Both MGM Resorts and Caesars Entertainment have not yet responded to requests for comment.
This article was generated with the support of AI and reviewed by an editor. For more information see our T&C.