A major hack on MGM Resorts left it devastated — now, the alleged hacker responsible for it has issued a lengthy statement, clarifying details of the case.
“We have made multiple attempts to reach out to MGM Resorts International,” says the alleged criminal in an ALPHV blog post. “We intend to set the record straight.”
The attack heavily affected casino and hotel computer systems, leaving entire systems shut down and casino floors empty. Until the hacker's statement, however, rumors had built up around the story, such as ransomware being used to take control of MGM's systems.
“No ransomware was deployed prior to the initial takedown of their infrastructure by their internal teams,” they said.
Instead, posts have circulated claiming that the attackers gained entry through a social engineering attack that used the LinkedIn site and MGM's helpdesk to obtain an important password. Once they had the password, they were able to log in and begin taking control of the systems, assigning themselves administrative privileges and moving laterally through MGM's network.
However, this rumor currently lacks hard evidence. The hacker went on to write that it was MGM's actions that let them continue their operation.
“MGM made the hasty decision to shut down each and every one of their Okta Sync servers after learning that we had been lurking,” the hackers said. “Meanwhile, we continued having super administrator privileges to their Okta, along with Global Administrator privileges to their Azure tenant.”
MGM responded by shutting down its networks and contacting the appropriate authorities. However, the ALPHV gang included a crude but direct threat in its statement.
“We still continue to have access to some of MGM’s infrastructure,” ALPHV said. “If a deal is not reached, we shall carry out additional attacks. We continue to wait for MGM to grow a pair and reach out as they have clearly demonstrated that they know where to contact us.”