A group of Western hackers, known as Scattered Spiders, is thought to be behind the recent cyber attack on MGM Resorts, according to reports from the Financial Times.
Sources have indicated the group of hackers has been targeting other companies in a bid to extort them into paying large ransoms. The attack on MGM, which occurred earlier this week, took down almost all digital systems at MGM Resorts.
Websites for MGM Resorts casinos in Las Vegas such as the MGM Grand, Aria Resorts, and Luxor were down or showing placeholder text, with the reservation systems also offline. ATMs and bill breakers in casinos were also not working, with reports indicating that players could not withdraw money from slot machines. Cashless games such as roulette and blackjack were unaffected.
The group, who specialize in impersonation and malware and use fraudulent phone calls to extract login credentials, have succeeded in their extortion efforts and are "very disruptive" according to Charles Carmakal, chief technology officer of Google-owned cybersecurity group Mandiant.
“They are very active, very disruptive and cause chaos and can break in and cause a lot of pain. They are successful because they are very good at research and have good skills.”
Casino patrons encountered difficulties with both check-in and check-out procedures as casino staff were unable to access the reservation systems, reports said. Furthermore, the credit card systems were offline, preventing guests from charging beverages and additional services to their rooms, as these central systems were also non-operational.
Brian Ahern, Director of Communications at MGM Resorts, released a statement on Monday morning, Las Vegas time, revealing that the casino company had fallen victim to an unidentified cyberattack.
“MGM Resorts has identified a cybersecurity issue affecting some of the company's systems. Immediately after discovering the issue, we launched an investigation with the help of leading third-party cybersecurity experts,” said Ahern.
“We have also notified law enforcement and taken immediate action to protect our systems and data, including shutting down certain systems. Our investigation is ongoing and we are working diligently to determine the nature and extent of the case.”
Ahern was forced to communicate via his personal Gmail email address as his corporate account had been compromised during the cyber attack.