Octo Tempest: The Cyber Group Behind Caesars and MGM Hacks
Posted on: October 26, 2023, 03:32h.
Last updated on: October 26, 2023, 03:32h.
A recent report by Microsoft Security reveals that “Scattered Spider,” the group responsible for hacking Caesars Entertainment and MGM Resorts International, is linked to a larger cyber bandit organization known as “Octo Tempest.” Octo Tempest is notorious for extorting and threatening victims with violence, using broad social engineering campaigns to exploit technological vulnerabilities and demand financial compensation.
According to the report, Octo Tempest relies on social engineering, such as obtaining employee information and contacting IT departments to gain access, as demonstrated in the attacks on MGM and Caesars. Initially known for SIM swaps and hacking cryptocurrency accounts of wealthy individuals, Octo Tempest has expanded its targeting to include cable telecommunications, email, and technology organizations.
“Building on their initial success, Octo Tempest harnessed their experience and acquired data to progressively advance their motives, targeting, and techniques, adopting an increasingly aggressive approach,” noted Microsoft. “In late 2022 to early 2023, Octo Tempest expanded their targeting to include cable telecommunications, email, and technology organizations.”
Recent findings suggest that Octo Tempest has joined forces with ALPHV/BlackCat, a ransomware-as-a-service (RaaS) outfit connected to Scattered Spider.
Gaming Industry Vulnerabilities
In their pursuit of sensitive data and financial gain, Octo Tempest and Scattered Spider have shifted their focus to data-rich entities, including gaming companies like Caesars and MGM. The nature of hotel bookings and loyalty programs makes gaming companies attractive targets for cyber infiltrations and ransomware attacks.
Microsoft’s report states, “Octo Tempest progressively broadened the scope of industries targeted for extortion, including natural resources, gaming, hospitality, consumer products, retail, managed service providers, manufacturing, law, technology, and financial services.”
While many companies, including Caesars, have paid ransomware demands, the FBI advises against it. MGM did not pay when targeted by Scattered Spider, as the hackers made their demand after the casino operator had already begun rebuilding its systems.
“Although Octo Tempest’s motives are primarily financial, their monetization techniques vary from cryptocurrency theft to extortion and ransomware deployment using exfiltrated data,” observed Microsoft.
Extortion and Threats of Violence
Octo Tempest and Scattered Spider employ fear tactics and threats, including “sextortion,” to coerce victims into complying. Personal information, such as addresses and family names, combined with physical threats, is used to force victims to share corporate access credentials.
While it is unclear if these tactics were used against Caesars or MGM employees, recent evidence highlights the aggressive nature of ransomware perpetrators.