Cybercrime gangs give competing casino narratives
- Sam Sabin, author of Axios Codebook

Exactly who is behind the apparent cyberattack on MGM this week isn't clear yet — but two cybercrime gangs are arguing they were involved.
Driving the news: Members of hacking group Scattered Spider told news outlets Thursday that they were the ones who first targeted MGM's networks last week.
- However, ransomware gang Alphv, also known as Black Cat, posted a long statement Thursday to its dark-web site claiming it was actually responsible.
- While Alphv claimed responsibility for the attack, the statement did not address whether Scattered Spider was acting as an Alphv affiliate, that is, a group that carries out an attack using ransomware developed by Alphv.
Why it matters: The dueling narratives are adding to an already chaotic news cycle that's been filled with social media-fueled speculation.
- No one will know for sure who targeted MGM until the company or law enforcement provides public details about the incident.
Threat level: Both groups are seen as major cybercrime threats in their own right, experts say.
- Scattered Spider is believed to be a group of young adults based in the U.S. and the U.K. who are well known for using social engineering to launch attacks, according to Bloomberg.
- They've also been seen deploying Alphv's encryption in recent months, Charles Carmakal, chief technology officer at Google Cloud's Mandiant, wrote on LinkedIn this week.
- Scattered Spider is well known for an attack that hit more than 130 organizations last year and stole more than 10,000 employees' login credentials.
Meanwhile, Alphv has its own reputation for dangerous, widespread attacks.
- The group, which is believed to be based in Russia, is known for its ruthless extortion techniques. Its members released stolen photos from breast cancer patients' examinations while extorting the Lehigh Valley Health Network earlier this year, for instance.
- Other victims have included Western Digital and Sun Pharmaceuticals.
The big picture: Identities in the ransomware world are obfuscated on purpose to make it more difficult for law enforcement to pinpoint who's behind an attack.
- Not only is it typical for a larger ransomware operator to claim credit for an attack that an affiliate launched, but it's also possible for a larger group like Alphv to launch an entire attack on its own, in house.
Be smart: MGM, the FBI and third-party cyber incident response firms will have the most reliable information about who's behind the attack and how it happened.