💰💣
Scattered Spider Security Incident
2024-2025
464 days ago
Resolved
Incident Overview
Situation Description
The notorious Scattered Spider cyber criminal group is evolving its tactics, techniques, and procedures (TTPs) in 2025 to bypass security controls like MFA and take over accounts on internet applications and services.
Event Types
Ransomware
Malware / Destructive Attack
Industry Sector
HospitalityGeographic Scope
GlobalResponse Actions
Isolated Compromised Systems
Took Systems or Services Offline
Restored Systems from Secure Backups
Engaged Third-Party Forensic Investigators
Conducted Threat Hunting & Eradication
Fulfilled Formal Breach Disclosure Obligations
Notified Affected Individuals & Entities
Refused to Pay Ransom / Extortion
Paid Regulatory Fines or Legal Settlements
Offered Post-Breach Remediation Services
Notified Law Enforcement
Managed Public Narrative & Crisis Communications
Revised Incident Response Plan
Implemented Advanced Authentication
Hardened Attack Surface
Conducted Employee Training
Shared Threat Intelligence
Collaborated with Peers / Community
Enhanced Third-Party & Supply Chain Risk Management
Impact Analysis
Event Types (2 identified)
Ransomware
Malware / Destructive Attack
Financial Impact
$155,000,000 USDRecords Affected
0Data Types Compromised
PII (Personally Identifiable Information)
Financial Data (Credit Cards, Bank Accounts)
Operational / System Data
Primary Impacts
Financial Loss
Data Exposure
Operational Disruption
Reputational Damage
Legal/Regulatory Penalties
Key Decisions Made
Scattered Spider socially engineered MGM Resorts helpdesk personnel to bypass MFA and log into accounts.; Scattered Spider targeted accounts with Super Administrator privileges within MGM Resorts Okta tenant to register an attacker-controlled IdP via inbound federation.; Scattered Spider deployed ransomware to around 100 ESXi servers and exfiltrated data after compromising MGM Resorts' Okta tenant.
Technical Analysis
Attack Method
Social Engineering
Threat Actor Attribution
Scattered Spider
0ktapus
Octo Tempest
Scatter Swine
Muddled Libra
UNC3944
ShinyHunters
Lapsus$
Yanluowang
Karakurt
DragonForce
RansomHub
Qilin
Vulnerability / Tool
MFA Bypass
Okta
VMware ESXi
Additional Information
Quick Facts
- Company:
- Scattered Spider
- Date:
- 2024-2025
- Status:
- Resolved
- Decision Maker:
- nan
- Position:
- nan
- Published:
- 6/05/2025
Source Information
Original Query
MGM Resorts class action lawsuit settlement details "Scattered Spider"Timeline
Information Published
6/05/2025
Incident Occurred
2024-2025 (464 days ago)
Status: Resolved
Estimated resolution based on age