On Tuesday, a cybercriminal group calling itself ALPHV/BlackCat disrupted the MGM Resorts casino chain. Hackers claim to have seized sensitive information and demanded a ransom, but the company has so far refused to pay. And casino chain Caesars Entertainment allegedly paid “tens of millions of dollars” Hackers threatening to disclose stolen information, including customer data. The hack was carried out by the Scattered Spider group, but ALPHV insists it was also involved.

On Tuesday, MGM Resorts began experiencing slot machine outages. As of this morning, the MGM Resorts environment continued to show signs of a hack, particularly reflected in outages on the company’s website. MGM Resorts itself claims that: “resorts including food, entertainment and games are now operational”.

ALPHV used social engineering techniques to cyberattack the international hotel and casino network. Hackers claim that hacking MGM Resorts only takes a 10-minute phone call. It turned out that it was enough for criminals to find the data of casino employees on LinkedIn and then call the support service.

ALPHV Group is well-respected in the cybersecurity community “An outstanding expert in social engineering for primary access.” After the attack, the group often uses malware to force the victim to pay. Hackers primarily attack large companies; Notably, in July, ALPHV, along with other hackers, managed to organize a data leak from the website of beauty industry giant Estée Lauder.

Caesars Entertainment paid “tens of millions of dollars” hackers threatening to release company data. The attack was carried out by a group called Scattered Spider (also known as UNC 3944), which used social engineering to bypass corporate network security. The attack on Caesars began on August 27 with access to the company’s external supplier, after which the criminals were able to infiltrate the Caesars Entertainment network.

The Scattered Spider group launched in May 2022 and has been carrying out attacks on telecommunications and commercial outsourcing organizations. Members of the group impersonate IT personnel and use social engineering and other tools to persuade company officials to grant remote access. They also successfully exploit security vulnerabilities and use special hacking tools to bypass security software.