November 17, 2023

FBI hunts Scattered Spider hackers that targeted Las Vegas casinos

The group is thought to be a collection of young men from the UK and US, and they are doing plenty of damage.

By Matthew Gooding

The FBI and US cybercrime agency CISA are putting additional resources into the hunt for members of the Scattered Spider cybercrime gang, which has hit over 100 victims, including high-profile casinos.

Scattered Spider could be, er, scattered across the US and UK, the FBI believes. (Photo by novama/Shutterstock)

Members of the gang are thought to be young men based in the UK and US. The two agencies yesterday urged victims to come forward to help with their investigations.

Scattered Spider takes down casinos

Also known as 0ktapus and Scatter Swine, Scattered Spider had targeted over 100 victims as of September 2023, according to analysis from security vendor Mandiant.

The gang’s primary attack method is to use social engineering attacks, launching phishing campaigns via text messages and calls to victim help desks to attempt to obtain password resets or multifactor authentication bypass codes. They often pose as IT support staff or workers at IT service providers to gain the credentials they require from unsuspecting employees.

Its most notable breaches to date saw it hit two Las Vegas casinos in September, with MGM Resorts having to take its booking systems and slot machines offline after it was hacked by the group. Scattered Spider managed to steal customer data in the attack, and though MGM declined to pay a ransom demand, it is still facing a hefty bill for dealing with the breach, which could run to $100m according to regulatory filings.

Meanwhile, another casino operator, Caesars Entertainment, was also hit in September, confirming via a submission to US financial regulator the Securities and Exchange Commission (SEC) that a database of customer information was stolen. Bloomberg reported at the time that Caesars paid “millions of dollars” to the hackers to stop them from releasing this information, though the company has not commented on this.

FBI has the hackers in its crosshairs

The FBI warning says that, after using social engineering techniques to obtain legitimate credentials, Scattered Spider hackers often use publicly available, legitimate remote access tools to enter systems. The group then deploys info-stealing malware, including Raccoon Stealer and VIDAR Stealer, and has recently started encrypting victim information before making attempts at extortion, the Bureau said.


An FBI spokesperson told reporters on Thursday that the agencies were putting additional resources into tracking the gang down, and urged victims to come forward with any information that might help with their efforts, such as communication with the group or benign samples of encrypted files.

Scattered Spider’s tactics and the alleged make-up of the group mean it could bear more than a passing resemblance to Lapsus$, the UK-based hacking gang which terrorised some of the biggest names in tech for a short period of 2022. The group hit victims including Microsoft, Samsung and Nvidia, and months later struck Uber and Grand Theft Auto publisher Rockstar Games.

This group also favoured basic social engineering tactics to gain access to victim networks. In March 2022, UK police arrested seven teenagers in connection with the gang’s activities, with a 16-year-old boy reported to be its mastermind.
