The ALPHV ransomware group, known for its adept social engineering tactics, has taken responsibility for the cyber incident that disrupted MGM Resorts, an international hotel chain.
According to vx-underground, the ALPHV/BlackCat ransomware group revealed that it employed standard social engineering techniques, such as building trust with employees to gain insider information.
The group attempted to extort a ransom from MGM Resorts, but the company reportedly declined to comply. Shockingly, the initial conversation that led to their access took a mere 10 minutes.
The ALPHV/BlackCat ransomware group claimed responsibility for the MGM Resorts cyber disruption on Tuesday. Allegedly, it took them just 10 minutes on a phone call to gather the information required to disrupt systems, including, regrettably, the casino slot machines owned by MGM Resorts.
In a post on X, the organization stated, “All the ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, locate an employee, and then call the Help Desk.” These details originate from ALPHV but have not been independently verified by security experts.
Earlier this week, the international resort chain began experiencing disruptions, noticeable as slot machines at MGM Resorts’ Las Vegas Strip casinos ceased functioning. As of Wednesday morning, MGM Resorts still displayed signs of downtime, with ongoing website disturbances.
While MGM Resorts has not replied to requests for comment, the company stated on Tuesday that “Our resorts, including dining, entertainment, and gaming, are currently operational.”
Within the cybersecurity community, ALPHV is recognized for its exceptional skill in social engineering for initial access, as noted by vx-underground. Typically, the group resorts to ransomware tactics to pressure targets into making payments, and it has been targeting prominent corporate entities.
In July, ALPHV, along with another threat actor, Clop, featured beauty giant Estée Lauder on their data leak platforms.