Following the cybersecurity issue that hit MGM Resorts International’s US properties, the Las Vegas Review Journal and Bloomberg have now reported that Caesars Entertainment Inc. paid out tens of millions of dollars to cyber terrorists who hacked the firm’s systems in recent weeks and openly threatened to publish the firm’s data. The information was gathered from two people “familiar” with the subject.
Scattered Spider or UNC 3944 possibly responsible for cyber attack:
An official statement from the firm is expected to be released soon in a “regulatory filing,” the people said. News of the supposed cyber attack on Caesars follows the aforementioned MGM cybersecurity issue, which could potentially be connected to a Russian ransomware hacking gang.
As for Caesars’ issue, the company declined to comment on the matter, and its shares fell 2.7% to $52.35 on Wednesday. The hackers behind the attack on Caesars Inc. are Scattered Spider or UNC 3944, known for highly skilled members when it comes to “using social engineering” to enter big corporate networks, cybersecurity experts say.
Details of the hacking attack:
As for the details of the attack, the aforementioned hackers first broke in through an external IT provider and then entered the firm’s network. They made Caesars their target from August 27. Describing the group, a person who has looked into many of its hacks said: “Members of the hacking group are believed to be young adults, some as young as 19, residing in the United States and the United Kingdom.”
Groups like Scattered Spider or UNC 3944 usually want to be paid in cryptocurrency if they request a ransom. As part of their attacks, they use ransomware that locks files on the computer and then offer a decryption key on the condition that the victim pays. Lately, however, hacker attacks are usually carried out in the same way as with Caesars.
Commenting on the mindset of the hackers, Charles Carmakal, chief technical officer of Mandiant Inc., which is part of Google Cloud, said: “These hackers are one of the most prevalent and aggressive threat actors impacting organizations in the United States today. Many of the members of the group are young native English speakers who are incredibly effective social engineers. They have started deploying ransomware encryptors and sometimes expose victims on infrastructure used by another hacking group, ALPHV.” Mandiant first encountered the gang in May 2022.