Scattered Spider, Alphv, and the MGM hack, explained

MGM’s high-profile hack sheds light on how devastating cyberattacks can be — but who’s responsible?

For the past several days, casino giant MGM has been gripped by a cyberattack.

A man in a gray hoodie holding a laptop outside of an MGM casino on a red-and-black and swirled background.
  • Last Monday, MGM reported that a cybersecurity issue had impacted several systems, which it promptly shut down, per Vox.
  • The hack wreaked havoc on its 12 Vegas properties’ digital room keys, slot machines, TVs, ATMs, and more, plus MGM’s websites.

How did it happen?

Techniques included “vishing” (“voice phishing”) and “social engineering,” or manipulating a person into revealing sensitive information.

In this case, hackers allegedly used publicly available LinkedIn info to impersonate an employee and tricked someone at MGM’s IT help desk into revealing access credentials.

Who did this?

That’s complicated, as two separate — but connected — groups have claimed responsibility.

Scattered Spider is believed to be a group of European and US hackers in their teens and 20s who specialize in social engineering.

  • Someone claiming to represent Scattered Spider told the Financial Times they wanted to rig the slot machines — a la Ocean’s Thirteen, which the rep said they’d never watched. When that failed, they decided to hold stolen data for ransom instead.
  • Scattered Spider also allegedly hacked Caesars Entertainment, which paid $15m in ransom.

Alphv/Black Cat runs a ransomware-as-a-service business, selling malware to other hackers. It was responsible for ~12% of cyberattacks in the first four months of 2022 and recently posted 2.5TB of data it stole from semiconductor maker Seiko.

  • Via a statement, it claimed to be the real culprit of the MGM hack (but not Caesars) and denied the slot machine plot.

While Spider is affiliated with Alphv and has used its malware in the past, it remains unclear how the two are connected — if at all — here.


Alphv seemed to enjoy excoriating MGM, accusing it of insider trading, shoddy privacy practices, and “greed, incompetence, and corruption.”

But mostly, money — MGM’s market cap is $14.4B. Ransomware hacks frequently target large organizations with money and sensitive info: hospitals, school systems, cities, etc.

Experts told Wired they hope high-profile hacks like MGM’s will bring more awareness to the devastating potential of cyberattacks — and perhaps new policies and strategies to combat them.

New call-to-action
Topics: Hacks

Get the 5-minute news brief keeping 2.5M+ innovators in the loop. Always free. 100% fresh. No bullsh*t.