Posted on: November 14, 2023, 01:42h.
Last updated on: November 14, 2023, 01:42h.
The FBI has for months known the identities of at least 12 members of the “Scattered Spider” hacking group but has made no arrests. That’s despite many members of the group being based in the US and other Western countries, Reuters reports.
Scattered Spider has been targeting corporations for the past two years but became notorious for its devastating ransomware attacks on MGM Resorts International and Caesars Entertainment in September.
MGM, which refused to pay up, saw disruption to its operations that lasted for days and caused an estimated $100 million worth of damage. Caesars paid a ransom of around $15 million to have normal services restored, according to The Wall Street Journal.
Scattered Spider, also known as Octo Tempest, is an amorphous group of cyber criminals that engages in a range of crimes from ransomware to sextortion and phone scams. They are known to discuss their activities on public forums like Telegram and Discord.
Scattered Spider and Octo Tempest are monikers coined by the cybersecurity community and not by the criminals themselves. The individuals who attacked MGM and Caesars refer to themselves collectively as “Star Fraud.” They are part of a loose group of hackers that calls itself “the Com.”
The group’s MO often involves targeting tech personnel at corporations and using social engineering techniques to trick them into granting access to protected systems, as was the case with MGM.
Sometimes, they resort to threats of violence. In at least one incident, an employee was told his wife would be shot unless he disclosed his log-in credentials.
First noticed in early 2022, the group this year progressed from SIM swapping and crypto theft to extorting telecommunications, email, and technology organizations.
The FBI has been investigating the Com for some time, but the casino attacks have amped up the pressure on the agency, and cybersecurity sources who spoke to Reuters this week expressed frustration at the lack of arrests.
Michael Sentonas is president of CrowdStrike, one of many cybersecurity firms tracking the group.
“For such a small group, they are absolutely causing havoc. I would love for somebody to explain [the lack of arrests] to me,” he said, adding that the hackers were “known.”
Sentonas believes the situation points to a “failure” of law enforcement.
Casinos are prime targets for cybercriminals because of the vast amount of data accrued through loyalty programs and the credit card-intensive nature of hotel booking. Such attacks have appeared to be on the rise in recent years.
Scattered Spider is notable because its members are mainly English-speaking. High-profile cybercrime has traditionally been the domain of East European criminal gangs or state-sponsored attacks orchestrated by North Korea or Iran.