Many of MGM Resorts’ systems were crippled because of a cyberattack this past Monday, and now the group responsible for it has been unmasked. According to vx-underground, a group that curates what it calls the “largest collection of malware source code, samples, and papers on the internet,” it was the ALPHV/BlackCat ransomware group that is responsible for the chaos.
The scary part about it is that it sounded ridiculously easy, something that really anyone could have done. ALPHV used simple social engineering techniques to gain the trust of someone (or “someones”) at MGM, acquire the information needed to get into their systems, and then just went to town.
In a post on X, vx-underground said, “All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.”
“A company valued at $33,900,000,000 was defeated by a 10-minute conversation.”
vx-underground specifically pointed to the ALPHV subgroup Scattered Spider as the culprit. According to a crowdstrike.com page linked to by vx-underground, Scattered Spider is a “likely eCrime adversary who conducts targeted social-engineering campaigns primarily against firms specializing in customer relationship management and business-process outsourcing, as well as telecommunications and technology companies generally.”
Vx-underground did not provide any further details on exactly what ALPHV or its subgroup specifically did to get into MGM’s systems, but did say that the “threat actors” told them directly that they did it. From the sounds of it, ALPHV found an employee’s information on LinkedIn, likely someone who would have reason to have access to the systems that were attacked, and convinced someone at the MGM help desk to give them the information they needed. Could have been as simple as “I forgot my password,” but again, we don’t know.
But why would the hackers admit to it? Let’s let the film The Big Short sum it up:
MGM has had a bad week
The hack wreaked havoc on MGM properties, particularly those in Las Vegas. It isn’t 100% clear if it took systems down or if MGM shut them down itself, though it was probably the latter. Reports from MGM casinos were that ATMs weren’t working, electronic gaming machines were all down, the booking website was out of order, and guests couldn’t get into their hotel rooms because the electronic locks wouldn’t function.
For hotel-related problems, guests were at least able to visit the front desk to check in and out and to get physical keys to unlock their rooms.
After a hectic day, MGM said that dining, entertainment, and gaming services were all operational, but it looks like hotel-related issues still existed, if this video from the Bellagio on Tuesday is any indication.
And despite assurance from MGM that gaming was good to go, it seems that there were still problems as of at least yesterday: