Ransomware group “ALPHV” claims responsibility for MGM cybersecurity attack in dark web post
September 14, 2023 – NBC 3 News KSNV
In the latest twist of a weeklong saga involving Nevada’s largest gaming giants, a Thursday post on the dark web from the ransomware group “ALPHV” claims responsibility for the cyber-attack that has crippled operations at MGM properties since Sunday.
It was speculated that ALPHV (pronounced “alpha” and also known as “BlackCat”) was the group behind MGM’s cybersecurity incident. Their post seems to confirm the speculation, but the fact they publicly claimed responsibility is an unusual move, cybersecurity experts said.
“That was probably the main part of this particular statement, which was they claim that Okta, which is a single sign-on provider, or like an authentication application that many organizations use, that’s where the initial breach occurred,” said Drew Schmitt, a practice lead with GuidePoint Research and Intelligence Team (GRIT) at GuidePoint Security. “And they were within their Okta infrastructure for quite a while and obtaining passwords of specific people. And that’s ultimately how they got into the environment.”
Schmitt said these attackers usually play on typical human emotions.
“They will pose as that individual and say, ‘Hey, I’m locked out on my computer, I lost my phone, I need a way to get in, can I change my password?’ And then they’ll basically just trick the individual on the other side into making a change or allowing them access into the environment,” said Schmitt.