Sep 15, 2023 - Technology

Cybercrime gangs give competing casino narratives

Illustration of a computer wearing a bandit's mask.

Illustration: Aïda Amer/Axios

Exactly who is behind the apparent cyberattack on MGM this week isn't clear yet — but two cybercrime gangs are arguing they were involved.

Driving the news: Members of hacking group Scattered Spider told news outlets Thursday that they were the ones who first targeted MGM's networks last week.

  • However, ransomware gang Alphv, also known as Black Cat, posted a long statement Thursday to its dark-web site claiming it was actually responsible.
  • While Alphv claimed responsibility for the attack, the statement did not address whether Scattered Spider was acting as an Alphv affiliate, or a group that carries out an attack using ransomware developed by Alphv.

Why it matters: The dueling narratives are adding to an already chaotic news cycle that's been filled with social media-fueled speculation.

  • No one will know for sure who targeted MGM until the company or law enforcement provides public details about the incident.

Threat level: Both groups are seen as major cybercrime threats in their own right, experts say.

  • Scattered Spider is believed to be a group of young adults based in the U.S. and the U.K. who are well known for using social engineering to launch attacks, according to Bloomberg.
  • They've also been seen deploying Alphv's encryption in recent months, Charles Carmakal, chief technology officer at Google Cloud's Mandiant, wrote on LinkedIn this week.
  • Scattered Spider is well known for an attack that hit more than 130 organizations last year and stole more than 10,000 employees' login credentials.

Meanwhile, Alphv has its own reputation for dangerous, widespread attacks.

The big picture: Identities in the ransomware world are obfuscated on purpose to make it more difficult for law enforcement to pinpoint who's behind an attack.

  • Not only is it typical for a larger ransomware operator to claim credit for an attack that an affiliate launched, but it's also possible for a larger group like Alphv to launch an entire attack on its own, in house.

Be smart: MGM, the FBI and third-party cyber incident response firms will have the most reliable information for who's behind the attack and how it happened.

Sign up for Axios' cybersecurity newsletter Codebook here

Go deeper