The MGM Cyberattack: A Revealing Glimpse into Modern Digital Threats

Dipankar Sarkar
Published in LastingAsset
Oct 19, 2023 · 3 min read

In the sprawling metropolis of the digital realm, not all that glitters is gold. With every leap in technology and online innovation, shadows of cyber threats loom larger, casting doubt on our perceived safety. One such ominous shadow recently passed over the neon-lit boulevards of MGM Resorts International, painting a tale that’s as thrilling as any blockbuster movie — and just as cautionary.

[Image: MGM Grand]

Las Vegas — a city where fortunes change overnight. For MGM Resorts International, however, it wasn’t the turn of a poker card or the spin of a roulette wheel that threatened their empire. It was something far more sinister.

Enter a mysterious criminal gang known as Scattered Spider (or should we say Roasted 0ktapus? UNC3944? Storm-0875?). This team, with footprints spanning the USA and UK, had set its sights on one of the grandest prizes in the hospitality world: the digital backbone of MGM Resorts International. The giants behind the Bellagio, MGM Grand, and Mandalay Bay were about to face a storm they hadn’t seen coming.

The scene unfolds. Scattered Spider, leveraging the most ancient and potent tool in their arsenal — human psychology — began their siege. Through social engineering, they exploited human trust and curiosity. Their first weapon wasn’t a line of code or a piece of malware; it was our age-old Achilles’ heel: **password reuse**. It’s an oversight many of us are guilty of, yet its consequences can be catastrophic.

And as any masterful plot would have it, they added layers of subterfuge. Information gathered from a high-value user’s LinkedIn profile was their trump card to dupe the helpdesk into resetting multi-factor authentication (MFA) credentials. An audacious move, but it played out perfectly in their favor. A subsequent report echoed the chilling reality: the attackers had hoodwinked the very guardians at the gates, the help desk.
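The help-desk MFA reset described above leaves a trail that a defender can watch for: a factor reset performed by a support account, followed shortly afterwards by a sign-in from a source that user has never used before. The following is an added detection example written for this post, not code from the author or from MGM; the audit events, user names, IP addresses and event names (modelled loosely on identity-provider audit logs) are all constructed assumptions, and the one-hour window is an arbitrary tuning choice.

```python
"""Flag MFA resets that are followed, within a short window, by a sign-in from an
IP address never previously seen for that user.  Added example; all data is constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not real MGM or Okta data).  Fields are
# simplified, and the event names are assumptions modelled on IdP audit logs.
SAMPLE_EVENTS = [
    # vp.finance normally signs in from 203.0.113.10
    {"ts": "2023-09-08T09:00:00", "user": "vp.finance", "event": "user.session.start",
     "ip": "203.0.113.10", "actor": "vp.finance"},
    # analyst.one normally signs in from 203.0.113.22
    {"ts": "2023-09-07T08:30:00", "user": "analyst.one", "event": "user.session.start",
     "ip": "203.0.113.22", "actor": "analyst.one"},
    # help desk resets vp.finance's MFA; minutes later a sign-in arrives from an unseen IP
    {"ts": "2023-09-10T14:02:00", "user": "vp.finance", "event": "user.mfa.factor.reset_all",
     "ip": "10.0.0.5", "actor": "helpdesk.agent"},
    {"ts": "2023-09-10T14:09:00", "user": "vp.finance", "event": "user.session.start",
     "ip": "198.51.100.77", "actor": "vp.finance"},
    # benign: reset followed by a sign-in from the user's usual IP
    {"ts": "2023-09-10T15:00:00", "user": "analyst.one", "event": "user.mfa.factor.reset_all",
     "ip": "10.0.0.5", "actor": "helpdesk.agent"},
    {"ts": "2023-09-10T15:05:00", "user": "analyst.one", "event": "user.session.start",
     "ip": "203.0.113.22", "actor": "analyst.one"},
    # outside the window: new IP, but hours after the reset
    {"ts": "2023-09-10T16:00:00", "user": "eng.two", "event": "user.mfa.factor.reset_all",
     "ip": "10.0.0.5", "actor": "helpdesk.agent"},
    {"ts": "2023-09-10T18:30:00", "user": "eng.two", "event": "user.session.start",
     "ip": "192.0.2.9", "actor": "eng.two"},
]

# Assumed event names; map these to whatever your identity provider actually emits.
RESET_EVENTS = {"user.mfa.factor.reset_all", "user.mfa.factor.deactivate"}
LOGIN_EVENTS = {"user.session.start"}
WINDOW = timedelta(hours=1)  # arbitrary tuning choice for this example


def find_suspicious_resets(events, window=WINDOW):
    """Return one alert per sign-in that follows an MFA reset within `window`
    and comes from an IP the user has not signed in from before."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO-8601 strings sort chronologically
    known_ips = defaultdict(set)  # user -> IPs seen in earlier sign-ins
    pending = {}                  # user -> most recent MFA reset event
    alerts = []
    for e in events:
        t = datetime.fromisoformat(e["ts"])
        user = e["user"]
        if e["event"] in RESET_EVENTS:
            pending[user] = e
        elif e["event"] in LOGIN_EVENTS:
            reset = pending.get(user)
            if reset is not None:
                reset_t = datetime.fromisoformat(reset["ts"])
                if t - reset_t > window:
                    del pending[user]  # reset is stale; stop correlating against it
                elif e["ip"] not in known_ips[user]:
                    alerts.append({
                        "user": user,
                        "reset_at": reset["ts"],
                        "reset_by": reset["actor"],
                        "login_at": e["ts"],
                        "login_ip": e["ip"],
                        "minutes_after_reset": int((t - reset_t).total_seconds() // 60),
                    })
            # every successful sign-in extends the user's baseline of known sources
            known_ips[user].add(e["ip"])
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_resets(SAMPLE_EVENTS):
        print(alert)
```

The baseline here is deliberately naive (a set of IPs per user built from the same log); in production you would seed it from weeks of history and key on device or ASN as well as IP, and you would route the alert to the help desk's own change record so that the reset ticket and the sign-in can be reconciled.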

But that was just the opening act.

In a twist reminiscent of a high-stakes poker game, the attackers went all-in, seizing control of MGM’s Microsoft Azure cloud environment. This wasn’t just a small infiltration; they had breached the fort walls, endangering the entire kingdom of MGM’s cloud assets.

As the dust settled momentarily, MGM’s response teams, like knights in shining armor, charged forward. They halted the malicious advance by disabling the compromised Okta sync servers, effectively slamming shut the doors the attackers had first cracked open. But, as in any gripping tale, the damage was far from over. The villains had already whisked away terabytes of sensitive data, their spoils of war, and they still held keys to the kingdom — the cloud platform.

And just when it seemed the plot couldn’t thicken any further, a new player entered the stage: the BlackCat/ALPHV ransomware group. As the night darkened, MGM’s ESXi servers, those silent workhorses powering their vast empire, fell one by one. Imagine: hotel room keys rendered useless, dinner reservations vanishing into the ether, slot machines growing eerily silent. The heart of Las Vegas skipped a beat, with MGM hemorrhaging both money and trust with each passing second.

Yet, this story isn’t just about the fall of a giant. It’s a mirror held up to every organization, highlighting the ever-present threats in our interconnected digital world. How did one of the biggest names in hospitality, with all its resources, fall prey to such an attack? The answers are as enlightening as they are unsettling. But fear not, dear reader, for in understanding these events lies the path to fortification.

Stay with us as we journey deeper into this digital saga, decoding its lessons and laying the blueprint for a safer, more secure digital future. The next chapter awaits…

[Stay Tuned for Part 2: Decoding the MGM Attack: A Step-by-Step Breakdown]
