FBI Issues Cybersecurity Advisory on Group that Targeted MGM, Caesars

The Federal Bureau of Investigations (FBI) has released a Joint Cybersecurity Advisory about Scattered Spider, the infamous hacking group that recently targeted both MGM Resorts International and Caesars Entertainment.

The FBI, in a notice with the Cybersecurity and Infrastructure Security Agency (CISA), is warning critical infrastructure organizations to take immediate steps to enhance the security of their IT systems and processes from common threats levied by the hacking group.

Scattered Spider is an informal name given to the . The hackers themselves go by an assortment of names, including Starfraud, UNC3944, Scatter Swine, and Middled Libra.

The Joint Cybersecurity Advisory says the criminals engage in data extortion by way of social engineering, the act of manipulating or deceiving a victim into providing system access. The FBI says Scattered Spider threat actors are considered experts in such deceit techniques and specialize in phishing, push bombing, and subscriber identity module swap attacks to obtain credentials that allow the bad actors to install remote access tools that bypass multifactor authentication protections.

Scattered Spider is a cybercriminal group that targets large companies and their contracted information technology (IT) help desks. Scattered Spider threat actors, per trusted third parties, have typically engaged in data theft for extortion, the joint notice read.

The FBI and CISA included a laundry list of mitigating controls to better safeguard their IT systems from Scattered Spider, including prohibiting the installation and execution of unauthorized remote access software.

Scattered Spider took credit for both cyberattacks and Caesars Entertainment.

MGM refused to pay a ransom, a decision that led to more than after the company s US resorts were highly . Caesars took a different response in deciding to pay a ransom, said to be around $15 million.

Scattered Spider claims to have stolen about six terabytes worth of data, which is the equivalent of 39 million PDF pages. The hackers said their scheme was rather simplistic, as they claim it only took a 10-minute phone call to an MGM employee help desk to gain access to the company s internal systems.

Once the hackers were inside, the FBI and CISA say the cybercriminals installed a series of tools that allowed them to continue having unauthorized entry. The tools provided the cybergang with the ability to manage the IT systems, extract credentials, and further enable remote access.

Numerous commercial and tribal casinos have been targeted in cyberattacks in recent years. With casinos possessing what cybercriminals consider to be treasure troves of sensitive data, the businesses are ideal targets.

The is Rivers Casino Des Plaines in Illinois. The casino confirmed last week that it was attacked around August 12, and that confidential data on certain patrons and employees was taken.

Owned and operated by Rush Street Gaming, the company did not immediately say whether it knew who was behind the attack.