Decoding the MGM Attack: A Step-by-Step Odyssey into Digital Deception

Dipankar Sarkar
Published in LastingAsset

Nov 1, 2023 · 3 min read

The vast digital sea is teeming with mysteries and threats that often lurk beneath the surface. As we delve deeper into the enigmatic waters of the MGM cyberattack, we chart a course through the intricate maze of decisions, actions, and tactics employed by the nefarious Scattered Spider. Our odyssey begins.


Act 1: The Reconnaissance

Every great heist movie has a scene where the villains stake out the target, gathering intelligence. Scattered Spider was no different. Their mission? To learn everything possible about MGM and its gatekeepers. *LinkedIn*, the bustling marketplace of professional identities, was their treasure map. By focusing on those with the keys to the kingdom (or in this case, significant privileges within Okta’s systems), they drew up a list of potential targets. It was the digital equivalent of knowing the guards’ shifts, the bank manager’s habits, and the vault’s code.

Act 2: The Siren’s Call — Vishing

The term ‘vishing’ might sound innocuous, perhaps even a bit techy-trendy. Still, its implications are profoundly dangerous. Combining “voice” with “phishing,” it represents the art of deceit over the phone. Scattered Spider, in a performance worthy of an Oscar, convinced the IT Desk they were a genuine, trusted individual, playing on human empathy and urgency. The bait? The resetting of MFA credentials. And MGM bit.

Act 3: Breaching the Digital Bastions

With their disguise holding, Scattered Spider moved swiftly. They compromised Okta admin accounts, a veritable goldmine, giving them the ability to plunder sensitive data at will. But they weren’t content with just this. They set their sights higher, casting their net onto the vast azure expanse of the Microsoft Cloud. Here, they didn’t merely threaten individual applications; they jeopardized the entire digital realm of MGM.

The plot twist? While MGM’s digital paladins responded by disabling the breached servers, the damage had already taken root. The invaders had secured their foothold, and the stage was set for the next chapter in this digital drama.

Intermission: The Aftermath

The curtain falls momentarily. The vast digital expanse of MGM stands compromised. Their systems are infiltrated, data exfiltrated, and the looming shadow of BlackCat/ALPHV is about to enter the fray. The digital realm, once a bustling hub of activity, stands on the precipice of chaos.

But remember, dear reader, this isn’t just a recounting of a singular event. It’s a lesson, a study, and a call to arms. As we unravel the MGM saga, we hope to offer insights, learnings, and tools for every organization to safeguard its citadels against such threats.

So, fasten your seatbelts, for the journey is far from over. Our next installment dives into the key takeaways from the MGM attack, unraveling the lessons and preparing us all for a safer digital tomorrow.

[Stay Tuned for Part 3: Lessons from the Digital Trenches — Protecting Your Kingdom from Impersonation Threats]
