A security executive said hackers that infiltrated MGM Resorts International (MGM.N) and Caesars Entertainment (CZR.O) in recent weeks also broke into three other manufacturing, retail, and technology organizations.
Since August, ALPHV and Scattered Spider had hacked five Okta clients, including MGM and Caesars, according to chief security officer David Bradbury.
Bradbury told Reuters that Okta was participating in official breach probes but didn’t name the other companies.
The cyberattacks have highlighted ransomware attacks, which damage hundreds of industries yearly, from healthcare to communications. Last week, stock prices dipped for MGM and Caesars, and MGM is still recovering from operations disruptions at its Las Vegas and Macau hotels and casinos.
Multi-factor authentication helps users access online apps and websites safely, according to San Francisco-based Okta, which has over 17,000 customers worldwide. Bradbury said the organization sent an alert after discovering multiple customer breaches last month.
“We saw this happen so quickly and thought we should explain it to the industry,” he said.
Okta reported that its U.S. customers were experiencing a pattern of assaults in which hackers impersonated employees and convinced their I.T. helpdesk to give them duplicate access.
Bradbury stated, “we’ve seen consistently over the past six to 12 months, a ramp up in these types of attacks.”
After announcing a “cybersecurity issue.” last week, MGM has not addressed the statement or incident. Caesars stated it was investigating the issue.
ALPHV, a financially driven hacking gang, claimed the MGM hack on its website Friday and threatened future attacks if MGM didn’t negotiate. How much ransom ALPHV has requested is unknown.
Bradbury said the organization infiltrated MGM and gained access to its Okta client, which gave it more credentials in the identity management firm’s system.
According to Bradbury, security professionals who have studied both groups believe Scattered Spider collaborated with ALPHV on the latest hacks. “Think of them more as business associates or affiliates,” advises.
Last week, Google’s Mandiant Intelligence named Scattered Spider (UNC3944) one of the most disruptive U.S. hacking groups. Bradbury said Okta’s observations of the recent hacks matched Mandiant’s description of the group’s actions.