In recent years, a highly aggressive cybercrime gang has emerged as a formidable threat to corporate America, particularly targeting casino operators like MGM Resorts International and Caesars Entertainment. Despite knowing the identities of at least a dozen group members, the U.S. Federal Bureau of Investigation (FBI) has faced significant challenges in curbing their activities, according to cybersecurity responders and victims.

The group, known by various aliases including "Scattered Spider" and "Okta," has been active since 2021, drawing attention with a series of intrusions into several high-profile American companies. Its September attacks on MGM and Caesars, which caused operational disruptions and were accompanied by ransom demands, underscored the group's audacity and effectiveness.

The apparent lack of arrests, despite many hackers being based in the U.S., has left industry executives perplexed. Michael Sentonas, president of CrowdStrike, expressed his bafflement to Reuters, saying, "For such a small group, they are absolutely causing havoc."

The FBI confirmed its ongoing investigation into the gaming company hacks but declined to comment on the broader group or the current state of the inquiry. Meanwhile, cybersecurity firms like CrowdStrike, Mandiant, Palo Alto Networks, and Microsoft have been pivotal in responding to breaches and assisting law enforcement.

The hackers' attacks have had severe financial repercussions. MGM's breach led to approximately $100 million in damages, while Caesars reportedly paid around $15 million in ransom. The attacks have also significantly impacted the victim companies' market value, with Caesars seeing a $2 billion drop.

The group's modus operandi involves an array of illicit activities, from sextortion and ransomware to more sinister threats of physical violence. Microsoft's report on the group highlighted their aggressive tactics, including threats to send shooters to victims' homes if demands weren't met.

A significant challenge for law enforcement has been the hesitancy of many victim companies to cooperate with the FBI. According to insiders, several affected firms chose not to inform the bureau of their compromises, leading to lost opportunities for gathering crucial evidence.

Another hurdle has been the group's structure, characterized by small, loosely knit clusters that collaborate on specific projects. Their communication primarily occurs through social messaging apps like Telegram and Discord, adding to the complexity of the investigation.

Recent efforts by the FBI's Newark, New Jersey field office, which has taken over the investigation and assigned a new special agent, show some progress. However, the bureau's struggle is compounded by a reported shortage of cyber agents, as noted by James Foster, CEO of ZeroFox.

The gang's ruthless and unconventional approach, combined with the FBI's investigative challenges, paints a disturbing picture of the current state of cybersecurity threats and the difficulties in combating them effectively. As the group continues to target a wide range of industries, the urgency for more robust and coordinated cyber defense strategies becomes increasingly apparent.