The cybercriminal group Scattered Spider targeted MGM Resorts in a high-profile attack, resulting in the theft of approximately 6 terabytes of data and causing over $100 million in damages. The group's primary attack vector was social engineering, particularly through help desk impersonation. The stolen data and financial losses highlight the significant impact of the attack on the organization's reputation and financial stability.
Source: https://cybersecuritynews.com/scattered-spider-upgraded-their-tactics-to-abuse-legitimate-tools/
TPRM report: https://scoringcyber.rankiteo.com/company/mgm-resorts-international
{
"id": "mgm752070725",
"linkid": "mgm-resorts-international",
"type": "Breach",
"date": "7/2025",
"severity": "100",
"impact": "6",
"explanation": "Attack threatening the economy of geographical region"
}
{'affected_entities': [{'industry': 'Hospitality',
'name': 'MGM Resorts',
'type': 'Casino'}],
'attack_vector': 'Social Engineering, Help Desk Impersonation',
'data_breach': {'data_exfiltration': True},
'description': 'The cybercriminal group known as Scattered Spider has '
'significantly evolved its attack methodologies, demonstrating '
'alarming sophistication in exploiting legitimate '
'administrative tools to maintain persistent access to '
'compromised networks. Also tracked under aliases including '
'UNC3944, Scatter Swine, and Muddled Libra, this financially '
'motivated threat actor has been actively targeting large '
'enterprises since May 2022, with particular focus on '
'telecommunications, cloud technology companies, and recently '
'expanding into retail, finance, and airline sectors. The '
'group’s primary attack vector remains social engineering, '
'particularly through help desk impersonation where attackers '
'pose as IT support staff to trick employees into revealing '
'credentials or installing remote access software. This '
'human-centric approach has proven devastatingly effective, as '
'demonstrated by high-profile breaches including the MGM '
'Resorts casino attack in 2023, which resulted in '
'approximately 6 terabytes of stolen data and over $100 '
'million in damages. The group’s operations typically '
'culminate in data theft for extortion purposes, often '
'collaborating with ransomware affiliates such as '
'ALPHV/BlackCat and DragonForce.',
'impact': {'data_compromised': 'Approximately 6 terabytes of data',
'financial_loss': 'Over $100 million',
'systems_affected': 'Amazon EC2 servers'},
'initial_access_broker': {'entry_point': 'Help Desk Impersonation'},
'motivation': 'Financial',
'ransomware': {'ransomware_strain': ['ALPHV/BlackCat', 'DragonForce']},
'references': [{'source': 'Rapid7'}],
'threat_actor': 'Scattered Spider (also known as UNC3944, Scatter Swine, '
'Muddled Libra)',
'title': 'Scattered Spider Attack on Large Enterprises',
'type': 'Data Theft, Extortion'}