A cyberattack attributed to hacker group Scattered Spider has caused an outage across MGM Resorts International’s computer systems, affecting some casino and hotel computer systems including the company’s website.
An error message on the website reads: “The MGM Resorts website is currently unavailable. We apologize for the inconvenience.” Users are instead directed to mobile applications and third-party services to access certain parts of the company’s offerings.
The “cybersecurity issue,” which has been ongoing since September 11, remains under investigation with even the FBI stepping in.
Major MGM outage being investigated
The FBI confirmed on September 13 that it had started investigating the incident (via Reuters), while MGM posted to X earlier this week: “Our investigation is ongoing and we are working diligently to determine the nature and scope of the matter.”
MGM’s website is currently directing restaurant customers to make reservations via its app, and for resident artist, production show, or attraction bookings to be made via Ticketmaster. Customers seeking UFC, Las Vegas Aces, Vegas Golden Knights, and Arena-based concert events are being told to use AXS.
Mandiant Intelligence’s CTO, Charles Carmakal, spoke on LinkedIn about the group, also known as UNC3944, calling it “one of the most prevalent and aggressive threat actors impacting organizations in the United States today.”
Carmakal said the cybersecurity company would publish more details about the group soon.
In the meantime, Reuters referred to a previous Crowdstrike blog post offering insight into the group’s activity: “Identified by analysts last year, this group uses social engineering to lure users into giving up their login credentials or one-time-password (OTP) codes to bypass multi-factor authentication.”
More broadly, a Bloomberg report citing four people familiar with the matter stated that the same group was responsible for a Caesars Entertainment Inc. breach just a few weeks ago. Another article suggests that Caesars paid “tens of millions” to the hackers responsible and has plans to “disclose the cyberattack in a regulatory filing imminently.”
More from TechRadar Pro