(Bloomberg) — The hacker group accused of sabotaging MGM Resorts International's casinos and hotels last year is working on new attacks targeting banks and insurance companies, according to cybersecurity researchers.
The group, known as Scattered Spider, has targeted 29 companies since April 20 and successfully compromised the systems of at least two insurance companies, according to Resilience Cyber Insurance Solutions, a cybersecurity risk firm. The company's researchers track the group's activities online.
According to Resilience's senior threat researcher, Scattered Spider targeted Visa Inc., PNC Financial Services Group Inc., Transamerica, New York Life Insurance Co., and Synchrony Financial in recent campaigns. The researcher said it is unclear whether the group was successful in gaining access to these companies.
Representatives for Transamerica and Synchrony declined to comment, while spokespeople for Visa, PNC and New York Life did not respond to requests for comment. The researchers did not name the two companies in the insurance industry that were successfully compromised.
Resilience researchers said the attackers purchased lookalike domains that matched the names of these target companies. They then used the domains to host fake login pages intended to mislead employees, and sent phishing links via email and text messages to employees in the department that directed them to the fake pages, according to Resilience's investigation. The pages are branded as Okta Inc. or as a content management service, and allow the hackers to steal users' credentials.
According to the research, people who visited the fake pages were inadvertently directed, from a link for people who “need help signing in,” to a domain run by Scattered Spider and labeled with racist epithets.
Okta spokesperson Kyrk Storer said the company tracks ongoing threat activity from Scattered Spider and “actively notifies customers when we identify such fake login pages.” The company recently introduced new security features to mitigate the group's tactics, including phishing-resistant authentication and additional security checks to protect sensitive logins, Storer said.
According to senior threat researchers at Resilience, the group has been operating with incredible speed, and was most recently seen targeting multiple companies using social engineering techniques on May 6.
Scattered Spider, an amorphous group that cybersecurity researchers say emerged in May 2022, has been accused of orchestrating a series of high-profile hacks in the second half of last year, including those against MGM and Caesars Entertainment, as well as virtual currency trading platform Coinbase Global Inc. and manufacturer Clorox Inc., resulting in shortages of cleaning products on shelves across the United States.
Researchers say hackers often trick call center employees and IT help desk staff into revealing passwords and sensitive information. Attackers impersonate employees of other companies on the phone and sometimes threaten to shoot their targets.
Resilience researchers say the group's criminal activity decreased from December to February, but they don't know whether that had anything to do with the holidays, whether the group was trying to be less noticeable given the increased attention it was receiving, or whether it was trying to develop a series of targets for a new campaign.
According to Resilience research, the group calls itself Star Fraud and is made up of American and British teenage and young adult hackers drawn from a large underground criminal organization known as The Com. The group initially focused on telecommunications companies, but by 2024 it has expanded its focus to include more sectors, including food, retail and video games, as well as banking and insurance, Resilience researchers said.
CrowdStrike Holdings, a cybersecurity firm that named the group Scattered Spider, said it had tracked 52 breaches by the group through October 2023.
The FBI and the Cybersecurity and Infrastructure Security Agency, known as CISA, have repeatedly requested information regarding the activities, identities, and whereabouts of Scattered Spider members.
The FBI and CISA did not respond to requests for comment.
(Updates with information in fifth paragraph.)
©2024 Bloomberg LP