{
	"id": "583dd295-a2da-44e2-baaa-69c6fe5dab88",
	"created_at": "2026-04-06T00:07:35.340548Z",
	"updated_at": "2026-04-10T03:31:49.980129Z",
	"deleted_at": null,
	"sha1_hash": "d7658fa931a2de0d899d7dfe853daaba9355a022",
	"title": "Scattered Spider managed MGM Resort Network Outage brings $8m loss daily",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 538888,
	"plain_text": "Scattered Spider managed MGM Resort Network Outage brings\r\n$8m loss daily\r\nBy Naveen Goud\r\nPublished: 2023-09-18 · Archived: 2026-04-02 11:43:33 UTC\r\nIn recent weeks, Scattered Spider, a highly active hacking group, has made headlines by targeting more than 130\r\norganizations, with the number of victims steadily increasing. Prominent organizations, including Epic Games,\r\nRiot Games, AT\u0026T, HubSpot, TTEC, Best Buy, Evernote, Microsoft, Coinbase, KuCoin, Binance, Twitter, Slack,\r\nVerizon Wireless, MetroPCS, T-Mobile, and the now-defunct UK fashion brand Skin Trend, have all fallen prey to\r\nthis threat.\r\nThe group’s most recent victim, MGM Resorts and Hotels, is currently grappling with daily losses estimated at $6\r\nmillion to $8 million. As the situation unfolds, these financial woes are expected to worsen in the coming weeks.\r\nAccording to a report from Mandiant, the cyber attack on MGM hotels, which relied heavily on social engineering\r\ntactics, may lead to unexpected disruptions in the company’s operations. The IT teams are working tirelessly to\r\nrestore the disrupted computer network, with a target timeframe of approximately 15 days. In the meantime, the\r\ncompany is already experiencing a cash flow deficit of $1 million, and there are concerns that this ongoing crisis\r\ncould erode the trust of its loyal customers.\r\nSuch threats invariably leave a lasting impact on customer perceptions, especially as the holiday season\r\napproaches. Many customers may opt for alternative entertainment options this year, such as online betting or\r\nhttps://www.cybersecurity-insiders.com/scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily/\r\nPage 1 of 2\n\ntravel to destinations like Dubai, Singapore, or Malaysia, known for their thriving casino industries.\r\nAn insider at MGM reveals that the company used to enjoy daily cash flows of $7 million and $39 million in\r\nrevenue. However, due to the ongoing digital turmoil, the entire gaming business has been disrupted, and the\r\ncompany is now heavily reliant on external investments for revenue.\r\nIt’s worth noting that Scattered Spider is known by various names within different organizations, such as Oktapus\r\nby Group IB, UNC3944 by Google-owned Mandiant, and Scattered Swine by Okta Trust.\r\nJoin our LinkedIn group Information Security Community!\r\nSource: https://www.cybersecurity-insiders.com/scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily/\r\nhttps://www.cybersecurity-insiders.com/scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.cybersecurity-insiders.com/scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily/"
	],
	"report_names": [
		"scattered-spider-managed-mgm-resort-network-outage-brings-8m-loss-daily"
	],
	"threat_actors": [
		{
			"id": "9ddc7baf-2ea7-4294-af2c-5fce1021e8e8",
			"created_at": "2023-06-23T02:04:34.386651Z",
			"updated_at": "2026-04-10T02:00:04.772256Z",
			"deleted_at": null,
			"main_name": "Muddled Libra",
			"aliases": [
				"0ktapus",
				"Scatter Swine",
				"Scattered Spider"
			],
			"source_name": "ETDA:Muddled Libra",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7da6012f-680b-48fb-80c4-1b8cf82efb9c",
			"created_at": "2023-11-01T02:01:06.643737Z",
			"updated_at": "2026-04-10T02:00:05.340198Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"Scattered Spider",
				"Roasted 0ktapus",
				"Octo Tempest",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "MITRE:Scattered Spider",
			"tools": [
				"WarzoneRAT",
				"Rclone",
				"LaZagne",
				"Mimikatz",
				"Raccoon Stealer",
				"ngrok",
				"BlackCat",
				"ConnectWise"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "c3b908de-3dd1-4e5d-ba24-5af8217371f0",
			"created_at": "2023-10-03T02:00:08.510742Z",
			"updated_at": "2026-04-10T02:00:03.374705Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"UNC3944",
				"Scattered Swine",
				"Octo Tempest",
				"DEV-0971",
				"Starfraud",
				"Muddled Libra",
				"Oktapus",
				"Scatter Swine",
				"0ktapus",
				"Storm-0971"
			],
			"source_name": "MISPGALAXY:Scattered Spider",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d093e8d9-b093-47b8-a988-2a5cbf3ccec9",
			"created_at": "2023-10-14T02:03:13.99057Z",
			"updated_at": "2026-04-10T02:00:04.531987Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"0ktapus",
				"LUCR-3",
				"Muddled Libra",
				"Octo Tempest",
				"Scatter Swine",
				"Scattered Spider",
				"Star Fraud",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "ETDA:Scattered Spider",
			"tools": [
				"ADRecon",
				"AnyDesk",
				"ConnectWise",
				"DCSync",
				"FiveTran",
				"FleetDeck",
				"Govmomi",
				"Hekatomb",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"LaZagne",
				"Living off the Land",
				"Lumma Stealer",
				"LummaC2",
				"Mimikatz",
				"Ngrok",
				"PingCastle",
				"ProcDump",
				"PsExec",
				"Pulseway",
				"Pure Storage FlashArray",
				"Pure Storage FlashArray PowerShell SDK",
				"RedLine Stealer",
				"Rsocx",
				"RustDesk",
				"ScreenConnect",
				"SharpHound",
				"Socat",
				"Spidey Bot",
				"Splashtop",
				"Stealc",
				"TacticalRMM",
				"Tailscale",
				"TightVNC",
				"VIDAR",
				"Vidar Stealer",
				"WinRAR",
				"WsTunnel",
				"gosecretsdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e424a2db-0f5a-4ee5-96d2-5ab16f1f3824",
			"created_at": "2024-06-19T02:03:08.062614Z",
			"updated_at": "2026-04-10T02:00:03.655475Z",
			"deleted_at": null,
			"main_name": "GOLD HARVEST",
			"aliases": [
				"Octo Tempest ",
				"Roasted 0ktapus ",
				"Scatter Swine ",
				"Scattered Spider ",
				"UNC3944 "
			],
			"source_name": "Secureworks:GOLD HARVEST",
			"tools": [
				"AnyDesk",
				"ConnectWise Control",
				"Logmein"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434055,
	"ts_updated_at": 1775791909,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d7658fa931a2de0d899d7dfe853daaba9355a022.pdf",
		"text": "https://archive.orkl.eu/d7658fa931a2de0d899d7dfe853daaba9355a022.txt",
		"img": "https://archive.orkl.eu/d7658fa931a2de0d899d7dfe853daaba9355a022.jpg"
	}
}