By Zeba Siddiqui
SAN FRANCISCO (Reuters) – Recently, hackers who infiltrated renowned casino corporations MGM Resorts International and Caesars Entertainment also gained unauthorized access to systems at three additional companies operating in manufacturing, retail, and technology sectors, a security executive familiar with the situation disclosed.
David Bradbury, the chief security officer at identity management firm Okta, revealed that since August, five of the company’s clients, including MGM and Caesars, have fallen prey to cyberattack by the hacking groups ALPHV and Scattered Spiders.
In an interview with Reuters, Bradbury did not disclose the names of these other companies but confirmed that Okta is actively cooperating with the official investigation into the security breaches.
These cyberattacks have brought the growing menace of ransomware attacks to the forefront. Ransomware attacks target numerous companies each year, impacting a wide range of industries, from healthcare providers to telecommunications firms. Both MGM and Caesars witnessed a decline in their market value and stock prices last week, with MGM still struggling to recover from the operational disruptions faced by its hotels and gaming venues in Las Vegas and Macau.
Okta, headquartered in San Francisco and boasting a customer base of over 17,000 worldwide, provides identity services, including multi-factor authentication, to enable users to securely access online applications and websites. Bradbury highlighted that multiple security breaches affecting Okta clients last month prompted the company to issue an alert.
“We observed that these incidents occurred within a relatively short period of time, so we deemed it necessary to come forward and inform the wider industry about what is happening,” he stated.
At the time, Okta reported that its US-based clients were reporting consistent attack patterns, where hackers masqueraded as employees of the targeted companies and convinced the IT helpdesk to grant them duplicate access.
“Over the past six to 12 months, we have witnessed a consistent escalation in these types of attacks,” Bradbury explained.
MGM has refrained from commenting on the statement or the cyber attack, apart from acknowledging last week that it was addressing a “cybersecurity issue.” Caesars had previously announced that it was launching an investigation into the breach.
The story remains ongoing.
ALPHV, a hacking group motivated by financial gain, claimed credit for the MGM breach in a post on its website on Friday. The group also issued a warning about potential future attacks if MGM refused to negotiate. The ransom amount demanded by ALPHV remains undisclosed.
Bradbury indicated that the group managed to breach MGM’s systems and gain unauthorized access to its Okta client, thereby compromising additional credentials within the identity management firm’s system.
According to Bradbury, Scattered Spiders, as per research conducted by security analysts monitoring both groups, appears to have collaborated with ALPHV in executing these recent cyber attacks. “Think of them more as business partners,” he stated.
Last week, Google’s Mandiant Intelligence identified Scattered Spider, also known as UNC3944, as one of the most disruptive hacking organizations in the United States. Bradbury confirmed that Mandiant’s description of the group’s modus operandi aligned with the observations made by Okta during recent cyber attacks.
(Reporting by Zeba Siddiqui in San Francisco; Editing by Michael Perry)