MGM Resorts breach: Russian hackers claim attack, irritating visitors

A collaboration of Russian ransomware hacker gangs may have been responsible for MGM Resorts International’s cybersecurity issue that has plagued the company for four days.

The hacker gang ALPHV, also known as BlackCat, said that it had breached the gaming giant with a simple phone call, according to a post on X from malware repository vx-underground.

ALPHV provided the ransomware and the infrastructure and affiliate groups have used it to carry out the attacks, experts said. A group calling itself Scattered Monkey is believed to have carried out the attack, according to Brett Callow, a threat analyst for Emsisoft, an anti-malware software company.

MGM has not commented on the cause of the issue, which it hasn’t characterized as a cyberattack.

MGM, the state’s largest employer, has a major presence on the Strip with 10 resorts under its control. In addition to hosting thousands of visitors each night, MGM properties are major destinations for conventioneers with its Mandalay Bay Convention Center and sports fans with affiliations with multiple arenas, including T-Mobile Arena.

Some Cosmopolitan of Las Vegas employees who asked for anonymity said they’ve been told by supervisors that the outage could take seven to 10 days to resolve.

Meanwhile, a report published Wednesday said another casino giant, Reno-based Caesars Entertainment Inc., also was hacked in late August.

Bloomberg reported that Caesars paid millions of dollars in ransom after being cyberattacked by a group known as Scattered Spider or UNC 3944. The report said Caesars would soon issue a regulatory filing addressing the incident.

Another Las Vegas resort, Westgate Las Vegas, experienced some computer issues in mid-August, but it turned out that a construction crew had sliced through a fiber-optic cable, rendering some computer systems inoperable. A Westgate spokesman said systems were back online within 24 hours.

SEC filing

For MGM, the incident was financially material enough for the company to issue a Securities and Exchange Commission filing late Tuesday, which didn’t elaborate on the cybersecurity issue.

Companies generally disclose material information on the SEC’s Form 8-K, a report to announce…