Hackers from the group "Star Fraud", aka "Scattered Spider", impersonated an MGM employee on LinkedIn and social-engineered the IT helpdesk.
MGM Breach by Scattered Spider / Star Fraud Results in $100M Loss
A combination of phishing, social engineering, and IT access culminates in a ransomware attack.
What is the attack?
They leveraged BlackCat AlphV to deploy ransomware.
The attack disrupted MGM's operations for days, affecting hotel check-ins and slot machines, and caused $100M in losses.
Why did it get through?
The Star Fraud threat group, which consists of teenagers across Europe, employs social engineering.
Attackers are not hacking in; they're logging in. Phishing and social engineering are the predominant routes to IT access.
Once this IT access is obtained, ransomware experts like BlackCat AlphV are brought in to lock the environment.
What is required to solve for this attack?
Continuous behavioral analysis across all communication channels (Slack, Email, Cloud + SaaS) to detect anomalous interactions.
Utilize AI-driven behavioral detection to flag anomalies, especially for OAuth application changes or token use.
Correlate suspicious events across Cloud + SaaS ecosystems.
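
One way to express the cross-source correlation described above, as an added example that is not part of the original page or any product: a helpdesk-initiated account change (modelled here as a hypothetical `credential_reset` action) followed within an assumed 24-hour window by an OAuth application change, or by token use from an IP not previously seen for that user. Source names, action names, fields and the sample events are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)  # assumed correlation window
APP_CHANGES = {"oauth_app_added", "oauth_consent_granted"}  # hypothetical action names
TOKEN_USE = "oauth_token_used"

# Constructed sample events: (timestamp, source, user, action, source IP).
EVENTS = [
    ("2024-01-03T09:00:00", "idp",      "alice", TOKEN_USE,               "203.0.113.10"),
    ("2024-01-10T14:02:00", "helpdesk", "alice", "credential_reset",      None),
    ("2024-01-10T14:20:00", "idp",      "alice", TOKEN_USE,               "198.51.100.7"),
    ("2024-01-10T14:31:00", "saas",     "alice", "oauth_consent_granted", "198.51.100.7"),
    ("2024-01-10T15:00:00", "helpdesk", "bob",   "credential_reset",      None),
    ("2024-01-10T15:30:00", "idp",      "bob",   TOKEN_USE,               "203.0.113.44"),
    ("2024-01-03T08:00:00", "idp",      "bob",   TOKEN_USE,               "203.0.113.44"),
]

def correlate(events, window=WINDOW):
    """Map each user to OAuth events that follow a helpdesk reset within `window`."""
    parsed = sorted(((datetime.fromisoformat(e[0]), *e[1:]) for e in events),
                    key=lambda e: e[0])          # logs from different sources arrive unordered
    seen_ips = defaultdict(set)                  # user -> baseline of IPs already observed
    last_reset = {}                              # user -> time of latest helpdesk reset
    alerts = defaultdict(list)
    for ts, src, user, act, ip in parsed:
        if src == "helpdesk" and act == "credential_reset":
            last_reset[user] = ts
        elif act in APP_CHANGES or act == TOKEN_USE:
            reset = last_reset.get(user)
            recent = reset is not None and ts - reset <= window
            new_ip = ip not in seen_ips[user]
            # App changes after a reset always alert; token use only from an unseen IP.
            if recent and (act in APP_CHANGES or new_ip):
                alerts[user].append((src, act, ip))
            if not (recent and new_ip):          # keep suspicious IPs out of the baseline
                seen_ips[user].add(ip)
    return dict(alerts)

if __name__ == "__main__":
    for user, chain in correlate(EVENTS).items():
        print(user, chain)
```

Token use from an address already in the user's baseline after a reset (bob in the sample) does not alert, which keeps routine helpdesk resets from flooding the queue.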