The FBI and US cybersecurity agency CISA are putting additional resources into the hunt for members of the Scattered Spider cybercrime gang, which has hit over 100 victims, including high-profile casinos.
Members of the gang are thought to be young men based in the UK and US. The two agencies yesterday urged victims to come forward to help with their investigations.
Scattered Spider takes down casinos
Also known as 0ktapus and Scatter Swine, Scattered Spider had targeted over 100 victims as of September 2023, according to analysis from security vendor Mandiant.
The gang’s primary attack method is social engineering: it launches phishing campaigns via text message and calls victim help desks in an attempt to obtain password resets or multifactor authentication bypass codes. Its members often pose as IT support staff or workers at IT service providers to gain the credentials they require from unsuspecting employees.
Its most notable breaches to date saw it hit two Las Vegas casinos in September, with MGM Resorts having to take its booking systems and slot machines offline after it was hacked by the group. Scattered Spider managed to steal customer data in the attack, and though MGM declined to pay a ransom demand, it is still facing a hefty bill for dealing with the breach, which could run to $100m according to regulatory filings.
Meanwhile, another casino operator, Caesars Entertainment, was also hit in September, confirming via a submission to US financial regulator the Securities and Exchange Commission (SEC) that a database of customer information was stolen. Bloomberg reported at the time that Caesars paid “millions of dollars” to the hackers to stop them from releasing this information, though the company has not commented on this.
FBI has the hackers in its crosshairs
The FBI warning says that, after using social engineering techniques to obtain legitimate credentials, Scattered Spider hackers often use publicly available, legitimate remote access tools to enter systems. The group then deploys info-stealing malware, including Raccoon Stealer and VIDAR Stealer, and has recently started encrypting victim information before making attempts at extortion, the Bureau said.
An FBI spokesperson told reporters on Thursday that the agencies were putting additional resources into tracking the gang down, and urged victims to come forward with any information that might help with their efforts, such as communication with the group or benign samples of encrypted files.
Scattered Spider’s tactics and the alleged make-up of the group mean it could bear more than a passing resemblance to Lapsus$, the UK-based hacking gang which terrorised some of the biggest names in tech for a short period in 2022. The group hit victims including Microsoft, Samsung and Nvidia, and months later struck Uber and Grand Theft Auto publisher Rockstar Games.
This group also favoured basic social engineering tactics to gain access to victim networks. In March 2022, UK police arrested seven teenagers in connection with the gang’s activities, with a 16-year-old boy reported to be its mastermind.