'Scattered Spider' Behind MGM Cyberattack, Targets Casinos
By Becky Bracken
Published: 2023-09-14 · Archived: 2026-04-05 20:12:52 UTC
Source: Tim Plowden via Alamy Stock Photo
A threat group called "Scattered Spider" is reportedly behind the Sept. 10 MGM Resorts cyberattack, which days
later is still keeping systems offline across the conglomerate's more than 30 hotels and casinos scattered around
the globe.
According to a Reuters report that attributes the attack, citing sources familiar with the matter, the Scattered
Spider ransomware group is believed to be made up of young adults in the US and UK. The group is known for
using social engineering schemes to trick users into handing over their login credentials and is tracked as an
affiliate for the BlackCat/ALPHV ransomware.
Scattered Spider also recently targeted Caesars Entertainment, which paid tens of millions in ransom to the
cyberattackers, according to Bloomberg, which added that Caesars is expected to submit a required SEC
regulatory filing in the coming days with more details on the attack. The group began targeting Caesars in late
August, sources said.
https://www.darkreading.com/attacks-breaches/-scattered-spider-mgm-cyberattack-casinos
Page 1 of 2

"Scattered Spider (aka Roasted 0ktapus, UNC3944) leverages a combination of credential phishing and social
engineering to capture one-time-password (OTP) codes, or it overwhelms targets using multifactor authentication
(MFA) notification fatigue tactics,” according to a CrowdStrike report on the cybercrime group from January.
“Having obtained access, the adversary avoids using unique malware, instead favoring a wide range of legitimate
remote management tools to maintain persistent access.”
In the meantime, MGM Resorts websites remain down, and the investigation into the breach is ongoing.
About the Author
Senior Editor, Dark Reading
Becky Bracken is a senior editor with Dark Reading who brings decades of journalism experience across, radio,
print, online and video channels. Becky lends her particular voice and cybersecurity expertise to the Dark Reading
Confidential podcast as the host and producer, and moderates the Dark Reading editorial webinars. In addition,
she oversees the site's Commentary section, hosts Dark Reading's Black Hat News Desk, and contributes regularly
as a writer and reporter. Prior to joining Dark Reading, Becky covered cybersecurity and hosted webinars for
Threatpost. Other national media outlets she has contributed to include PBS, SheKnows, Complex, and more. 
Source: https://www.darkreading.com/attacks-breaches/-scattered-spider-mgm-cyberattack-casinos
https://www.darkreading.com/attacks-breaches/-scattered-spider-mgm-cyberattack-casinos
Page 2 of 2