
MGM Hackers Launch New Campaign Targeting Financial Sector

A hacking group that disrupted MGM Resorts International and Caesars Entertainment casinos has launched a new campaign against banks and insurance companies and has compromised at least two insurance firms, according to researchers.

The Scattered Spider group has targeted 29 companies since 20 April, including Visa, PNC Financial Services Group, Transamerica, New York Life Insurance and Synchrony Financial, a researcher at Resilience Cyber Insurance Solutions told Bloomberg.

The researcher declined to name the two insurance companies that were compromised.

Scattered Spider emerged in May 2022 and to date is best known for an attack in September of last year that disrupted casinos in Las Vegas, Atlantic City and elsewhere, affecting digital room keys, check-in systems, slot machines and card payments at some locations.


Aggressive hackers

Late last year the group also attacked crypto firm Coinbase and manufacturer Clorox, leading to a shortage of cleaning supplies on shelves in US stores.

The group’s members, who are believed to include teenagers and young adults in the US and the UK, as well as other western countries and Eastern Europe, often use social engineering techniques to obtain passwords and sensitive information from call centre employees and IT help desk staff.

In conversations with victims the attackers often behave aggressively, impersonating employers and threatening to have the person fired, or threatening physical violence, researchers have said.

Scattered Spider’s activities fell off between December and February before picking up in a renewed and intense bout of activity, according to Resilience and other researchers.

Resilience said the group calls itself Star Fraud and is drawn from a larger criminal group called The Com.

Credential theft

In its latest attacks the group purchased lookalike domains matching the names of targeted companies and created fake login pages designed to steal user credentials.

The login pages are branded as Okta or content-management systems. Okta, a centralised identity and access management company, said it has been “proactively notifying customers when we identify fake log-in pages like these”.

The MGM and Caesars attacks were carried out by targeting the companies’ Okta installations.

In November security researchers said the FBI was aware of the identities of at least a dozen members of Scattered Spider and speculated arrests had not been made because the agency did not have enough staff.

FBI cyber deputy assistant director Brett Leatherman told Reuters last week the agency was “working towards charging individuals where we can with criminal conduct” and that private firms were helping the FBI gather evidence.

‘Burden of proof’

“We have a certain burden of proof we have to meet to conduct law enforcement operations. And we are heading in that direction as quickly as we can,” Leatherman said.

In January the FBI charged 19-year-old Noah Urban from Florida with wire fraud offences. Leatherman said Urban was with the hacking group.

The gang has targeted more than 100 organisations in two years, all with some level of success, Google’s Mandiant security unit said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications
