Scattered Spider Members Indicted: Five Hackers Charged for MGM and Caesars Ransomware Attacks

  • May 19

Federal prosecutors have unsealed indictments against five alleged members of Scattered Spider, the cybercriminal group responsible for devastating ransomware attacks against MGM Resorts International and Caesars Entertainment in 2023. The charges include conspiracy, wire fraud, and identity theft. This marks one of the most significant cybercrime prosecutions in recent years targeting a Western-based, English-speaking threat group.

Scattered Spider, also tracked as UNC3944 and Octo Tempest, rose to infamy through a series of high-profile attacks using social engineering rather than technical exploits. The group specializes in calling corporate IT help desks, impersonating employees using personal data sourced from LinkedIn and data broker sites, and convincing help desk staff to reset multi-factor authentication. Once inside, they move laterally through hybrid Active Directory and Azure environments to deploy ransomware or exfiltrate data for extortion.

The MGM Resorts breach alone caused over $100 million in direct losses, disrupted hotel operations across Las Vegas for weeks, and exposed data on millions of guests. Caesars Entertainment quietly paid an estimated $15 million ransom. The group also targeted dozens of other organizations across retail, hospitality, and technology sectors in the US and UK. UK retailers Marks and Spencer and Co-op are among the most recent victims, having suffered attacks attributed to DragonForce affiliates using the Scattered Spider playbook.

Organizations most at risk are those with large hybrid workforces, outsourced IT help desks, and Entra ID or Okta-based identity platforms. Any company where a help desk agent can reset MFA over a phone call without strong out-of-band verification is vulnerable to the exact technique that enabled these attacks.

The indictments should not create a false sense that the threat has passed. CrowdStrike and others have documented that Scattered Spider's methodology has been absorbed by other RaaS affiliates who continue operating independently. Immediate defensive actions: remove the help desk's ability to reset MFA without video verification, enforce hardware token requirements for MFA resets, and audit all Entra ID Conditional Access policies for gaps that allow on-premises credential reuse in cloud environments.
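As an added illustration (not part of the original article), the sketch below shows one way a SOC could flag help desk MFA resets that match the pattern described above: a reset approved without strong verification, or followed within an hour by enrollment or sign-in from a device the user has never used. The event schema, field names and sample records are constructed for this example and do not correspond to a real Entra ID or Okta export.

```python
from datetime import datetime, timedelta

# Constructed sample events; hypothetical schema, not a real audit-log export.
EVENTS = [
    {"time": "2024-05-01T09:00:00", "type": "signin", "user": "alice", "device": "LAPTOP-A1"},
    {"time": "2024-05-01T14:02:00", "type": "mfa_reset", "user": "alice",
     "actor": "helpdesk-07", "verified_by": "phone"},
    {"time": "2024-05-01T14:09:00", "type": "mfa_enroll", "user": "alice", "device": "PHONE-X9"},
    {"time": "2024-05-01T14:11:00", "type": "signin", "user": "alice", "device": "DESKTOP-Z3"},
    {"time": "2024-05-02T10:00:00", "type": "mfa_reset", "user": "bob",
     "actor": "helpdesk-02", "verified_by": "video"},
    {"time": "2024-05-02T10:20:00", "type": "signin", "user": "bob", "device": "LAPTOP-B7"},
    {"time": "2024-05-01T08:00:00", "type": "signin", "user": "bob", "device": "LAPTOP-B7"},
]

WINDOW = timedelta(hours=1)                          # assumed watch period after a reset
STRONG_VERIFICATION = {"video", "hardware_token"}    # assumed labels for strong checks


def find_suspicious_resets(events, window=WINDOW):
    """Return help desk MFA resets that were weakly verified or were followed
    within `window` by activity from a device not previously seen for the user."""
    events = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    known = {}        # user -> devices seen outside any watch window
    open_resets = {}  # user -> (reset time, finding under observation)
    findings = []
    for e in events:
        t = datetime.fromisoformat(e["time"])
        user = e["user"]
        if e["type"] == "mfa_reset":
            finding = {"user": user, "actor": e["actor"], "time": e["time"],
                       "weak_verification": e.get("verified_by") not in STRONG_VERIFICATION,
                       "new_devices": []}
            open_resets[user] = (t, finding)
            findings.append(finding)
        elif e["type"] in ("signin", "mfa_enroll"):
            dev = e["device"]
            watch = open_resets.get(user)
            if watch and t - watch[0] <= window:
                seen = known.get(user, set())
                if dev not in seen and dev not in watch[1]["new_devices"]:
                    watch[1]["new_devices"].append(dev)
            else:
                known.setdefault(user, set()).add(dev)
    return [f for f in findings if f["weak_verification"] or f["new_devices"]]


if __name__ == "__main__":
    for f in find_suspicious_resets(EVENTS):
        print(f)
```
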

These prosecutions represent the most direct accountability for a major ransomware operation in years, but the playbook these attackers pioneered has already spread far beyond any individual group.

Source: https://www.bleepingcomputer.com/news/security/scattered-spider-hackers-indicted-for-mgm-caesars-attacks/

6 Comments


BILL STEPHNIE
11 hours ago

The Scattered Spider indictments show social engineering remains the weakest link. Great breakdown of the MGM and Caesars cases — I've been following the identity theft charges closely and it's eye-opening. https://3daimaker.com
