FBI ‘Knows Identities’ Of MGM, Caesars Hacking Gang

The FBI is aware of the identity of at least a dozen members of the aggressive hacking gang behind recent cyber break-ins at casino operators MGM Resorts International and Caesars Entertainment, with the hackers being based in Western countries including the United States, cybercrime experts have said.

The fact that some of the members of the English-speaking attack group live in the US adds to confusion over why the FBI has not yet acted to arrest them, several experts told Reuters.

The head of one cyber-security group called the situation a “failure” by law enforcement, while the chief executive of another speculated that it resulted from a shortage of FBI cyber agents.

The attack group is known by various names, including Okta, 0ktapus, Scatter Swine, UNC3944, Octo Tempest and Scattered Spider.

Devastating attacks

It has been active since early 2022, but made headlines this year with attacks on MGM in September and Caesars in October.

The MGM hack disrupted digital room keys, check-in systems, slot machines and card payments at some locations, according to accounts by customers.

Caesars, which paid $15 million (£12m) in ransom to regain access to its systems, according to a Wall Street Journal report, saw $2bn wiped off its market value as a result of the hacks.

A study late last month by Microsoft’s Incident Response and Threat Intelligence group called Octo Tempest “one of the most dangerous financial criminal groups”.

Aggression

Microsoft’s report detailed the aggressive tactics used by the group, ranging from sextortion to threats of physical violence.

“If we don’t get ur…login in the next 20 minutes were sending a shooter to your house (sic),” read one message to a target, while another threatened a target’s wife with murder.

Michael Sentonas, president of computer security firm Crowdstrike, told Reuters many of the hackers were “known”.

He said he thought “there is a failure here” on the part of law enforcement.

‘Failure’

The FBI has said it is investigating the hacks, but declined to comment on the hacking group or the state of the investigation.

Four people told Reuters the FBI has known the identities of at least a dozen members tied to Octo Tempest.

The FBI reportedly began looking at Octo Tempest’s operations more than a year ago, but gave it more focus after the attack on MGM.

The group has attacked about 230 ortanisations since the beginning of last year, across sectors including telecoms, outsourcing, healthcare and financial services, according to cybersecurity firm ZeroFox, which has been working with Caesars.

‘Don’t have enough people’

ZeroFox chief executive James Foster said law enforcement struggled to pursue the gang because “they just don’t have enough people”.

The fact that the group is made up of loosely knit clusters who communicate over Telegram and Discord, a platform popular with gamers, may add to the difficulty in coordinating the investigation.

Reuters cited three people as saying the FBI’s Newark, New Jersey field office has recently begun handling an investigation into the group and is making progress, having added a new special agent to the case.