MGM Resorts International is in the news this week after suffering a major cybersecurity breach. It has crashed slot machines and ATMs and left some hotel guests unable to even check in or enter their rooms.
Now, an X account belonging to a group known for its cyber attack expertise has shed further light on the issue. The group – called vx-underground – claims that it has an insider source within the organization responsible for the MGM attack, an organization it has revealed as Russian gang ALPHV/ BlackCat.
used LinkedIn to find the details of an employee, then pretended to be that person
In a post to its 220,000 followers on X, vx-underground went on to allege that MGM was defeated via simple means. It claims the Russian group used LinkedIn to find the details of an employee, then pretended to be that person in a ten-minute phone call with MGM security. This is how the group supposedly gained access to the system:
Using social engineering to gain access to systems or sensitive information is a popular tactic among hackers. They use psychological manipulation to trick people into making security mistakes.
vx-underground made clear in its response to followers that it does not think MGM will pay a ransom. Caesars Entertainment supposedly forked out $30m in a similar attack recently.