Hackers behind MGM, Caesars cyber attacks reportedly targeted three more companies

Hackers who recently infiltrated the systems of major casino operators MGM Resorts International and Caesars Entertainment have reportedly also breached the security of three additional companies in the manufacturing, retail, and technology sectors.

David Bradbury, Chief Security Officer of identity management firm Okta, revealed that five of the company’s clients, including MGM and Caesars, have fallen victim to hacking groups identified as ALPHV and Scattered Spider since August, Reuters reported.

While the names of the other affected companies were not disclosed, Bradbury confirmed that Okta is actively cooperating with official investigations into these security breaches.

Okta, headquartered in San Francisco and boasting over 17,000 global customers, specializes in providing identity services such as multi-factor authentication to enhance the secure access of users to online applications and websites.

Last month, the company issued an alert in response to multiple breaches detected among its clients, which, Bradbury noted, exhibited a consistent pattern of attacks involving hackers impersonating a victim company’s employees and persuading their IT helpdesk to provide duplicate access, the report said.

“We saw this happened in such a small period of time and we thought we should be coming forward to the industry at large and explaining what’s happening here. We’ve seen consistently over the past six to 12 months, a ramp up in these types of attacks,” Bradbury was quoted as saying in the Reuters report.

ALPHV, a financially motivated hacking group, claimed responsibility for the MGM breach in a recent post on its website and issued a warning to MGM, hinting at further attacks unless certain conditions were met. The specific ransom demanded by ALPHV remains undisclosed.

The incident caused significant disruption across MGM’s casinos in the United States, impacting the company’s websites, reservation system, and certain slot machines. The FBI is currently investigating the incident. 

Caesars Entertainment officially confirmed that it suffered a data breach that may have resulted in the exposure of sensitive information, including data from its loyalty program database. The Wall Street Journal reported that the company paid approximately half of a $30 million ransom demanded by the hackers

Bradbury disclosed that the hacking group had successfully infiltrated MGM’s systems and gained access to its Okta client, thereby expanding its reach to additional credentials within Okta’s identity management platform.

In the case of the recent hacks, Bradbury pointed out that Scattered Spider appeared to have collaborated with ALPHV, as supported by research conducted by security analysts who had been monitoring both hacking groups. He characterized this collaboration as akin to a business partnership or affiliation.

The group claimed responsibility on Thursday and said it took six terabytes of data from the systems of MGM and Caesars as both companies probed the breaches. Speaking to Reuters via the messaging platform Telegram, a representative for the group said it did not plan to make the data public.

Google’s Mandiant Intelligence recently identified Scattered Spider, also known as UNC3944, as one of the most disruptive hacking entities in the United States. Bradbury noted that Mandiant’s description of the group’s tactics closely aligned with Okta’s observations of the recent security breaches.