In late 2023, MGM Resorts International fell victim to a devastating cyberattack orchestrated by the hacking collective **Scattered Spider**, leveraging **BlackCat ransomware**. The attack, executed through sophisticated social engineering and network intrusions, resulted in the exfiltration of confidential data, followed by threats to leak the information and disrupt operations via DDoS attacks. The financial toll exceeded **$100 million** in damages, with Caesars Entertainment (another targeted casino operator) paying a **$15 million ransom** to mitigate the fallout. The breach severely disrupted MGM’s operations, including slot machines, hotel reservations, and digital payment systems, causing widespread outages and reputational harm. Authorities later linked a **17-year-old local suspect** to the attack, alleging his involvement in extorting **$1.8 million in Bitcoin**, which remains unrecovered. The incident underscored vulnerabilities in critical infrastructure, exposing how ransomware groups exploit human and technical weaknesses to cripple high-profile targets.
TPRM report: https://www.rankiteo.com/company/mgm-resorts-international
"id": "mgm2602026092725",
"linkid": "mgm-resorts-international",
"type": "Ransomware",
"date": "6/2023",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"{'affected_entities': [{'industry': 'Hospitality/Gaming',
'location': 'Las Vegas, Nevada, USA',
'name': 'MGM Resorts International',
'type': 'Corporation'},
{'industry': 'Hospitality/Gaming',
'location': 'Las Vegas, Nevada, USA',
'name': 'Caesars Entertainment',
'type': 'Corporation'}],
'attack_vector': ['Social Engineering',
'Ransomware (BlackCat)',
'DDoS Threats',
'Data Exfiltration'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Confidential victim data'},
'description': 'Between August and October 2023, multiple casinos owned by '
'MGM Resorts International and Caesars Entertainment were '
'targeted in a massive cyberattack attributed to the hacking '
'collective Scattered Spider. The attack, involving BlackCat '
'ransomware and social engineering tactics, resulted in over '
'$100 million in damages. Caesars Entertainment paid a $15 '
'million ransom, while a 17-year-old suspect from Las Vegas, '
'allegedly holding $1.8 million in ransomed Bitcoin, was '
'recently released on bail to his parents. The group, composed '
'primarily of English-speaking teens and young adults, '
'executed sophisticated network intrusions, exfiltrating '
'confidential data and threatening DDoS attacks.',
'impact': {'brand_reputation_impact': 'High (publicized breach involving '
'major casino brands)',
'data_compromised': 'Confidential victim data (exfiltrated)',
'financial_loss': '$100 million (combined damages)',
'legal_liabilities': 'Ongoing (prosecution of 17-year-old suspect, '
'potential adult trial)'},
'initial_access_broker': {'high_value_targets': ['MGM Resorts',
'Caesars Entertainment']},
'investigation_status': 'Ongoing (suspect released on bail; $1.8M in Bitcoin '
'unrecovered; UK arrests of additional suspects)',
'motivation': 'Financial Gain',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransom_demanded': '$15 million (paid by Caesars '
'Entertainment)',
'ransom_paid': '$15 million (by Caesars)',
'ransomware_strain': 'BlackCat (ALPHV)'},
'references': [{'source': "Tom's Hardware"}],
'regulatory_compliance': {'legal_actions': 'Ongoing prosecution of '
'17-year-old suspect; potential '
'adult trial for '
'extortion/conspiracy'},
'response': {'law_enforcement_notified': True},
'threat_actor': 'Scattered Spider',
'title': '2023 Cyberattack on MGM Resorts and Caesars Entertainment by '
'Scattered Spider',
'type': ['Cyberattack', 'Ransomware', 'Data Breach', 'Extortion']}