The same hackers that entered the systems of MGM Resorts International recently also gained access to the networks of another casino giant, Caesars Entertainment, plus three more firms in the manufacturing, retail, and technology sectors. This is according to a security official with knowledge of the situation.
Five of Okta's clients, including MGM and Caesars, have been hacked by gangs called ALPHV and Scattered Spider since August, as per Okta's chief security officer David Bradbury. Okta is helping with government investigations into the breaches but would not identify the other firms involved.
Increased Focus On Ransomware Attacks
The breaches have brought renewed attention to ransomware assaults, which hit hundreds of businesses annually, ranging from hospitals to phone companies.
Both MGM and Caesars saw their stock values fall last week. MGM has yet to recover from a number of incidents that affected operations at its hotels and gambling facilities throughout the globe, from Las Vegas to Macau.
Okta, headquartered in San Francisco, offers identity services, including multi-factor authentication, to aid users in securely accessing online apps and websites. The company claims to have more than 17,000 clients throughout the globe. Bradbury said the company issued a notice last month after discovering several breaches at its clients' sites.
Asked why the company felt the need to reveal so quickly what had transpired, he told Reuters, "We saw this happened in such a short period of time and we thought we should be coming forward to the industry at large."
Okta previously said that its US clients were seeing a widespread trend of attacks in which hackers posed as legitimate employees of target companies to trick the IT support desk into giving them further privileges.
Bradbury claimed that the frequency of such cyber attacks has increased significantly during the previous six to 12 months.
Hackers Acting as 'Business Associates'
In a message on its website last Friday, September 15, financially motivated hacker group ALPHV claimed responsibility for the MGM intrusion and threatened additional assaults if a settlement was not reached. The amount of ransom asked by ALPHV is still unknown.
Bradbury said the gang had broken into MGM's network and hacked into Okta through the client, gaining access to additional credentials in Okta's identity management system.
Bradbury said that security professionals who have studied both organizations have found evidence that Scattered Spider and ALPHV collaborated in the most recent attacks. One can think of them as affiliates or business associates.
Scattered Spider, also known as UNC3944, was named last week as one of the most disruptive hacking groups in the US by Google's Mandiant Intelligence. According to Bradbury, Okta's observations of the latest hacks corroborate what Mandiant has indicated about the group's methods.