By Zeba Siddiqui
SAN FRANCISCO (Reuters) – Recently, systems at three other companies in manufacturing, retail, and technology were compromised by the same hackers who infiltrated the casino giants MGM Resorts International and Caesars Entertainment, according to a security executive familiar with the situation.
David Bradbury, the chief security officer at identity management company Okta, revealed that since August, five of the company’s customers, including MGM and Caesars, have fallen victim to the hacking groups ALPHV and Scattered Spiders.
During an interview with Reuters, Bradbury did not disclose the names of the other companies but stated that Okta is cooperating with the official investigation into the breaches.
These hacks have brought attention to the issue of ransomware attacks, which impact numerous companies each year, ranging from healthcare providers to telecommunications companies. As a result, the market value of both MGM and Caesars declined last week due to a decrease in stock prices. Additionally, MGM is still struggling with operational disruptions in its hotels and gaming venues from Las Vegas to Macau.
Based in San Francisco, Okta provides identity services, such as multi-factor authentication, to over 17,000 customers worldwide. Bradbury mentioned that the company had to issue an alert after noticing a series of breaches affecting its customers last month.
“We observed that these events occurred within a short span of time and felt the need to come forward and explain what is happening to the industry as a whole,” Bradbury said.
At that time, Okta declared that its US customers were experiencing a consistent pattern of attacks where hackers posed as employees of the victimized company and convinced the IT helpdesk to provide them with duplicate access.
“Over the past six to 12 months, we have witnessed a steady increase in these types of attacks,” Bradbury stated.
MGM has not provided any comments on the statement or the hack, other than acknowledging that it was addressing a “cybersecurity issue” last week. Caesars had previously announced that it was conducting an investigation into the breach.
A financially motivated hacking group called ALPHV claimed responsibility for the MGM hack in a post on its website last Friday and issued a warning of future attacks if MGM does not negotiate. The demanded ransom amount from ALPHV remains undisclosed.
Bradbury explained that the group managed to breach MGM’s security and gained access to its Okta client, which provided them with additional credentials in the identity management firm’s system.
According to Bradbury, Scattered Spiders collaborated with ALPHV in the recent hacks, basing his statement on research conducted by security analysts who tracked both groups. “Consider them more as business associates or partners,” he suggested.
Last week, Google’s Mandiant Intelligence identified Scattered Spider, also known as UNC3944, as one of the most disruptive hacking organizations in the United States. Bradbury affirmed that Mandiant’s description of the group’s approach aligns with what Okta has witnessed in recent hacking incidents.
(Reporting by Zeba Siddiqui in San Francisco; Editing by Michael Perry)