Caesars Entertainment reportedly paid “tens of millions of dollars” to hackers who threatened to release company data, Bloomberg has reported. The attack was reportedly perpetrated by a group called Scattered Spider (aka UNC 3944), a group skilled at using social engineering to bypass corporate network security. It’s the second notable attack of a Las Vegas casino group, following a hack that caused a cyber outage at MGM Resorts.
Members of the hacking group are reportedly located in the US and UK and are as young as 19 years old. They began targeting Caesars as early as August 27th, and obtained access to an outside vendor before entering the company’s network, according to the report. Caesars is expected to disclose the attack “imminently” in a regulatory filing.
Scattered Spider has reportedly been activate since May of 2022, and has largely attacked telecom and business outsourcing organizations, according to Trellix. The group is known to impersonate IT personnel and uses social engineering to persuade company officials to rum remote monitoring and other tools. From there, they exploit vulnerabilities and use tools like “Stonestop” to evade security software. Security Week describes them as a “financially-motivated threat actor.”
The group has been implicated in the MGM Resorts cyber outage as well, though another ransomware group called ALPHV/BlackCat also took credit. ALPHV also claims to have used social engineering to get inside, saying it took just a ten minute conversation to gain access. MGM has reportedly declined to pay the demanded ransom.