Skip to main content

Russian-Speaking ALPHV (BlackCat) Hacker Group Claims Responsibility for Recent System Breach at MGM Resorts

As more details about the cyber attack faced by MGM Resorts International are being uncovered, experts have reported that the breach the company faced a few days ago continues to come at a costly price for the US casino and hotel operator by the minute.

The attack, which started on September 10th, saw all slot machines at ARIA and caused disruptions to hotel room locks in the Bellagio hotel and casino on the Las Vegas Strip. For the time being, the full extent of the impact that the cyber attack had on the company’s operations is still unclear.

The main website of the casino and hotel giant was down on September 13th morning, after the company experienced a “cybersecurity incident” that affected reservations and casino floors not only in Nevada but also in seven other US states. For now, the company has remained pretty much silent about the incident and has refused to openly acknowledge a breach took place. Nevertheless, a Russian-speaking ransomware organization claimed responsibility for the cyber attack.

According to a post on X (former Twitter) from malware repository vx-underground, recently, the popular hacker group ALPHV, also known as BlackCat, revealed that it had breached the systems of MGM Resorts International with a simple phone call.

Hackers Used Employee Profile on LinkedIn to Get Access to MGM Resorts’ Systems

Reportedly, the Russian-speaking ransomware group ALPHV went on LinkedIn, found an employee of the US casino and hotel operator and then called the Help Desk. The organization itself revealed that the company “was defeated” by a phone conversation that lasted no more than 10 minutes.

Such attacks are known as “social engineering”. They involve targeting a human and convincing them to provide the attackers with credentials, such as by posing as a company’s employee who needs a reset of their password.

For the time being, the ALPHV group has not mentioned the attack on its dark leak pages. The vx-underground account, which confirmed who the attackers were on X, noted that the information the attackers used to infiltrate MGM Resorts International’s systems came as a result of direct communications with the hackers. The malware researchers also suggested that the US company had not met the ransom demands of the Russian-speaking hacker gang so far, writing that he believed “MGM will not pay”.

Ransomware gangs operate by infiltrating target organizations and usually demand payments that can expand to tens of millions of dollars in exchange for the keys to the companies’ encrypted IT infrastructure and restore access. Refusing to do so could also be extremely expensive for businesses because such breaches could eventually result in losing business worth millions of dollars. According to experts, casinos are among the attractive targets for cybercriminals.

As CasinoGamesPro previously reported, the Federal Bureau of Investigation (FBI) revealed that it was investigating the incident. FBI officials, however, refused to provide any more details on the situation, saying that the investigation was still ongoing.

 Author: Harrison Young

Harrison Young is an experienced writer, who started his career almost 8 years ago. Prior to joining our team at CasinoGamesPro, he worked as an editor for a small magazine.