Google-owned Mandiant says the financially motivated threat actor responsible for the recent MGM Resorts hack has been expanding its targets, as well as its monetization strategies.
Tracked as UNC3944 and also referred to as 0ktapus, Scatter Swine, and Scattered Spider, the hacking group has targeted at least 100 organizations, mostly in the United States and Canada. The group typically engages in SMS phishing campaigns (smishing), but has been broadening its skills and arsenal of tools and is expected to start targeting more industries.
Mandiant also noticed that in mid-2023 the group shifted to ransomware deployment, which can be highly profitable. In some attacks, the group was seen using the ALPHV (BlackCat) ransomware, but Mandiant believes it could use other ransomware as well, and may “incorporate additional monetization strategies to maximize their profits in the future.”
The threat actor has been active since late 2021, typically employing smishing to obtain valid employee credentials and contacting the victim organization’s help desk, while impersonating the targeted employees, to obtain multi-factor authentication (MFA) codes or reset account passwords.