UK Arrests Suspected Scattered Spider Hacker Involved in MGM Attack

British police have arrested a 17-year-old boy suspected of involvement in the 2023 ransomware attack on MGM Resorts and of being a member of the hacking collective Scattered Spider.

“We have arrested a 17-year-old boy from Walsall in connection with a global cybercriminal online crime group that is targeting large organisations with ransomware and attempting to gain access to computer networks,” said a statement from West Midlands Police in the UK.


“Officers from our Regional Organised Crime Unit for the West Midlands (ROCUWM) along with officers from the National Crime Agency, working in conjunction with the US Federal Bureau of Investigation (FBI), made the arrest at an address in the city on Thursday (18 July).”

The teenager was arrested on suspicion of blackmail and offences under the Computer Misuse Act, and was subsequently released on bail while police complete their investigation.

Authorities have also seized digital devices from the suspect, which are being examined for evidence.

“We are proud to have assisted law enforcement in identifying and arresting one of the alleged criminals responsible for the cyberattack on MGM Resorts and many others,” MGM said in the police statement.

According to British police, the arrest is part of a larger investigation by the National Crime Agency and the FBI into a hacking group known for breaching networks, stealing data and using ransomware for extortion.

Although not explicitly stated in the police statement, the hacking collective behind the MGM attack is known as Scattered Spider.

The name “Scattered Spider” refers to a loose community of English-speaking cybercriminals (aged 16 and up) with varying skills who often frequent the same Telegram channels, Discord servers and hacker forums.

Some members are also believed to be part of the “Comm,” another hacking collective linked to violent acts and cyber incidents.

Contrary to the popular perception that Scattered Spider is a cohesive gang, it is a network of individuals, with a large group of threat actors participating in various attacks.

This flexible structure makes it difficult for law enforcement agencies to track cybercriminals or attribute attacks to a specific cybercriminal group.

Scattered Spider is also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest and Muddled Libra.

In a 2023 FBI advisory, law enforcement officials outlined the hacking group’s skills and tactics, including social engineering, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to break into corporate networks.

Over the past year, cybercriminals in this “community” have taken the unusual approach of partnering with Russian ransomware gangs including BlackCat/AlphV, Qilin, and RansomHub.

Other attacks attributed to Scattered Spider include those on Caesars, DoorDash, MailChimp, Twilio, Riot Games, and Reddit.