Adam is an experienced writer with years of experience in the gambling industry. He has worked as a content writer and editor for five years on sites such as Oddschecker, CoinTelegraph and Gambling Industry News,...
Read Full BioScattered Spider, a hacker group that targeted MGM Resorts International and Caesars Entertainment in 2023, has been identified in attacks on Hawaiian Airlines, WestJet, and other aviation companies.
Tech firms Google and Palo Alto sounded the alarm. They warned organizations that the group, also known as Muddled Libra and UNC3944, is targeting the aviation industry.
A post on LinkedIn by Sam Rubin, an executive at Palo Alto’s cybersecurity-focused Unit 42, stated, “Unit 42 has observed Muddled Libra (also known as Scattered Spider) targeting the aviation industry. Organizations should be on high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.”
Similarly, Charles Carmakal, an executive with Alphabet-owned Google’s cybersecurity-focused Mandiant unit, said his company was “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.”
Previous Attacks On Casinos By The Hackers
The group emerged in 2022 and is thought to have first targeted telecoms companies using SIM swap scams, multi-factor authentication fatigue attacks, and phishing by SMS and Telegram.
In 2023, the hackers gained notoriety for attacks on major casino operators Caesars Entertainment and MGM Resorts International. Caesars reportedly paid a $15 million ransom to limit the damage, half the original $30 million demanded by the group.
The hacking group confirmed that it obtained six terabytes of data from Caesars and MGM in a social engineering attack on IT support. That halted much of the casino operations and obtaining user data such as social security and driving license numbers.
In the attack on MGM, Scattered Spider is believed to have gained access to the system by calling the casino’s helpdesk and posing as an employee they found on LinkedIn.
Last year in July, a 17-year-old in the UK was arrested in relation to the hack. The teen was released on bail and the investigation is ongoing.
Due to the breach, MGM and Caesars were sued and MGM paid $45 million to affected victims in January this year. On top of the payout to victims, the hack is estimated to have cost the company over $100 million.
The group has also previously gone under the names Star Fraud, Octo Tempest, and Scatter Swine. It has since carried out attacks on Twilio, Visa, Snowflake clients, and major insurers, including Aflac.
Other Cases Of Social Engineering Attacks
Gambling companies have been targeted by hackers in the past, in particular in the crypto betting sphere. Stake reportedly lost $41 million in funds in an attack in September 2023. This was at the same time as Scattered Spider’s hacks on Caesars and MGM.
In similar tactics to those used by the group in the attack on MGM, where they obtained employee information through LinkedIn, a North Korean hacking group has also been implicated in an attack on a Canadian gambling provider.
The group used LinkedIn, Telegram, and Zoom to make contact with employees, impersonating known contacts of the company.
The shift of Scattered Spider to aviation companies shows any industry could be a target. However, gambling companies in particular face a heightened risk due to the large amounts of money flowing through the companies, and high-value data stored on servers.
According to Mandiant, “Ransomware groups specifically target sectors with a low tolerance for downtime. Gambling is at the top of that list.”
