On September 14, 2023, Reuters and the Financial Times claimed the European cybercriminal group Scattered Spider was behind the cyberattack against MGM. Indeed, the casino and hotel company, operating mostly in Las Vegas, suffered widespread IT disruptions on September 11, 2023.
Many MGM services remained offline for twelve hours, including slot machines and ATMs. Even though the entertainment group acknowledged the intrusion, they did not release any information on a possible data theft or ransom.
According to two sources close to the matter, the FBI’s investigation leads to Scattered Spider, aka UNC3944, a European group of relatively young and inexperienced cybercriminals. The gang mostly uses the “BlackCat” ransomware, which it implemented against MGM.
MGM’s main competitor, Caesars Entertainment, was also the victim of a similar attack a few weeks ago. According to Bloomberg, the company chose to pay the ransom. The operator thus hopes to avoid a public leak of the stolen data, which could be very sensitive. The cybercriminal group behind the attack could also be affiliated with Scattered Spider.