SAN FRANCISCO, Calif. According to a security professional familiar with the situation, hackers who recently compromised the systems of casino powerhouses MGM Resorts International and Caesars Entertainment also hacked into the systems of three other businesses in the industrial, retail, and technology sectors.
Five of the business’s clients, including MGM and Caesars, have been attacked by hacker organizations known as ALPHV and Scattered Spider since August, according to David Bradbury, chief security officer of identity management company Okta.
While not naming the other businesses, Bradbury told Reuters that Okta was helping with the investigations into the intrusions.
The cyberattacks have brought ransomware attacks—cyber invasions that harm hundreds of businesses annually, from healthcare providers to telecom companies—new attention. Last week’s stock price decline resulted in a loss of market value for MGM and Caesars, and MGM has yet to recoup from different operating disruptions at the hotels and gambling establishments it controls from Las Vegas to Macau.
Okta, a San Francisco-based company that claims to have more than 17,000 clients worldwide, offers identity services including multi-factor authentication that enable users to safely access online programs and websites. The business sent a notice last month after discovering many breaches at its clients, according to Bradbury.
We believed we should come forward to the industry at large and explain what’s going on because everything transpired in such a short amount of time, he added.
At the time, Okta stated that its American clients were reporting a recurring pattern of assaults in which hackers pretended to be employees of the target company and persuaded its IT helpdesk to grant them duplicate access.
“We’ve seen a consistent uptick in these types of attacks over the past six to 12 months,” Bradbury added.
MGM has not responded to the statement or the incident, other than to declare last week that it was addressing a “cybersecurity issue.” Caesars previously stated that it was looking into the issue.
In a message on its website on Friday, the financially motivated hacking organization ALPHV claimed responsibility for the MGM intrusion and threatened MGM with more assaults if it didn’t reach a compromise. How much of a ransom ALPHV has asked for is unknown.
According to Bradbury, the gang broke into MGM and gained access to the company’s Okta client, which gave them additional access to more login credentials in the identity management company’s system.
According to studies by security professionals who have followed both organizations, Scattered Spider appears to have collaborated with ALPHV on the most recent intrusions, Bradbury claimed. Consider them more like business partners or affiliates, he said.
Scattered Spider, also known as UNC3944, was identified last week by Google’s Mandiant Intelligence as one of the most disruptive hacker groups operating in the US. Bradbury asserted that Okta’s observations of the most recent hacks were consistent with Mandiant’s assessment of the group’s techniques.