MGM Resorts' website is still down over 60 hours after being hit by a cyberattack; ransomware-as-a-service group ALPHV, aka BlackCat, reportedly took credit
Kevin Beaumont / @GossiTheDog@cyberplace.social: Re #MGM - all their physical and virtual servers appear to still be offline. I've spotted their physical appliances (eg Aruba boxes, PAN etc) are online. — It wouldn't surprise me if somebody lapsus style wiped them.
@da_667@infosec.exchange: Hay kids, do you like cyber violence? wanna see me stick cissp study guides under my eyelids? Watch ransomware fuck up MGM even though they just skids? — This firewall is dead weight, getting these static routes straight, meanwhile APTs got they choice of which networks to penetrate
Zack Whittaker / @zackwhittaker@mastodon.social: Bloomberg is reporting that the same hackers who took down MGM Resorts this week recently targeted Caesars Entertainment, which paid millions in ransom to stop the publishing of its sensitive information. — The hacking group behind the attacks is believed to be Scattered Spider, aka 0ktapus, comprised mostly of young adults. …
@hn50@social.lansky.name: Hackers claim it only took a 10-minute phone call to shut down MGM Resorts — Link: https://www.engadget.com/...
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
@let_svn No, this isn't an attempt to screw anyone over. This particular subgroup of ALPHV ransomware has established a reputation of being remarkably gifted at social engineering for initial access. It isn't really a surprise ALPHV (or the subgroup) is behind this attack.
One of the easiest ways for me to hack is simply: 1. Look up who works at an org on LinkedIn 2. Call Help Desk (spoof phone number of person I'm impersonating) 3. Tell Help Desk I lost access to work account & help me get back in. I hope we learn more & get confirmation of methods
Very cool. Thank you @Bitdefender and @TrustedSec for the kind words when speaking with @Forbes. However, we would like to note vx-underground is a collective of several people - it is not a single person. (TrustedSec knows this, maybe Mr. Hammerstone made an oopsie doopsie)