Caesars, MGM Hackers Often Resort to Extortion, Threats of Violence, Says Microsoft

“Scattered Spider,” the cyber threat actors who recently hacked Caesars Entertainment and MGM Resorts International, have ties to a broader group of cyber bandits known as “Octo Tempest” that’s known for extorting and threatening victims with violence.

Spoofing
Perpetrators of recent cyberattacks against Caesars and MGM are known to use extortion and threats of violence. (Image: Getty)

A new report by Microsoft Security confirmed that Octo Tempest “leverages broad social engineering campaigns” to exploit organizations’ technological vulnerabilities in an effort to gain financial compensation. Social engineering is believed to be the tactic used to wreak havoc on MGM’s US casino hotels last month and extort a $15 million ransom payment from Caesars.

Social engineering can be as simple as hackers obtaining the name and title of a company’s staffer and then contacting the firm’s information technology (IT) department to request new login credentials. Octo Tempest initially caught the eyes of technology providers in early 2022 when it engaged in sim swaps for cash and hacked the cryptocurrency accounts of wealthy individuals.

Building on their initial success, Octo Tempest harnessed their experience and acquired data to progressively advance their motives, targeting, and techniques, adopting an increasingly aggressive approach,” noted Microsoft. “In late 2022 to early 2023, Octo Tempest expanded their targeting to include cable telecommunications, email, and technology organizations.”

Earlier this year, Octo Tempest is believed to have joined forces with ALPHV/BlackCat, which is a ransomware service (RaaS) outfit with ties to Scattered Spider.

Caesars, MGM Hackers Target Data-Rich Entities

In late 2022, the Octo Tempest/Scattered Spider morphed to focus on companies such as cable telecommunications, email, and technology organizations in an effort to procure customers’ sensitive data and leverage possession of that information for monetary gain.

Owing to the credit card-intensive nature of hotel bookings and the copious amounts of data accrued via loyalty programs, gaming companies are prime targets for cyber infiltrations and ransomware attacks.

“Octo Tempest progressively broadened the scope of industries targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services,” added Microsoft.

While the list of companies, including Caesars, that have paid ransomware demands is lengthy, not all organizations meet threat actors’ financial demands. The FBI encourages ransomware victims to not pay up. MGM didn’t.

In fact, CEO Bill Hornbuckle recently said Scattered Spider waited several days before making its ransom demand. By that time, the casino operator was rebuilding its systems, and with that money already being spent, it wasn’t practical to compensate the hackers.

“The goal of Octo Tempest remains financially motivated, but the monetization techniques observed across industries vary between cryptocurrency theft and data exfiltration for extortion and ransomware deployment,” observed Microsoft.

Extortion, Sometimes Violent Threats Used

Ultimately, groups such as Octo Tempest and Scattered Spider aim to extract financial payments from victims. However, there are occasions when cyber threat actors resort to threats of violence and even a ploy known as “sextortion.”

In rare instances, Octo Tempest resorts to fear-mongering tactics, targeting specific individuals through phone calls and texts. These actors use personal information, such as home addresses and family names, along with physical threats to coerce victims into sharing credentials for corporate access,” said Microsoft.

It’s not clear if such tactics were used against Caesars or MGM employees, but as the image below indicates, ransomware perpetrators can be aggressive in their attempts to get staffers to play ball.

octo tempest
Threats sent by Octo Tempest to targets. (Image: Microsoft Security)
Todd Shriber
Todd Shriber Financial Reporter

Todd Shriber is a senior news reporter covering gaming financials, casino business, stocks, and mergers and acquisitions for Casino.org.

Todd got his start in financial markets as a reporter with Bloomberg News. Later, he became a trader at a Southern California-based long/short hedge fund, where he specialized in the trading sector and international ETFs leading up to and during the financial crisis. He joined Casino.org in 2019.

Currently, Todd analyzes, researches, and writes on ETFs for various web-based publications and financial services firms. Shriber has been featured and quoted in Barron's, CNBC.com, and The Wall Street Journal. His work can also be found on Benzinga, ETF Daily News, ETF Trends, MarketWatch, Fox Business, and Nasdaq.com.

He currently resides in Las Vegas, where he enjoys golf and taking his black lab to the dog park. He's also an avid sports fan and likes to wager on college football and the NBA. You can also find him at the three-card poker and roulette table, even though he knows better.

Contact Todd at todd.shriber@casino.org.

Comments icon

Conversation (0)

+ Add a comment

Be the first to comment on this article.

Write a comment

Your email address will not be published.