UK police have arrested a 17-year-old boy suspected of being concerned within the 2023 MGM Resorts ransomware assault and a member of the Scattered Spider hacking collective.
“Now we have arrested a 17-year-old boy from Walsall in reference to a worldwide cyber on-line crime group which has been concentrating on massive organisations with ransomware and having access to laptop networks,” reads an announcement from the West Midlands Police in the UK.
“Officers from our Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the Nationwide Crime Company, in coordination with america Federal Bureau of Investigation (FBI), to make the arrest at an handle within the city on Thursday (July 18).”
{The teenager} was arrested on suspicion of violating the Blackmail and Laptop Misuse Act and was subsequently launched on bail whereas the police accomplished their investigation.
The authorities have additionally seized digital gadgets from the suspect that shall be investigated for additional proof.
“We’re proud to have assisted regulation enforcement in finding and arresting one of many alleged criminals chargeable for the cyber assault in opposition to MGM Resorts and plenty of others,” MGM stated as a part of the regulation enforcement assertion.
The UK police say that the arrest is a part of a broader investigation carried out by the Nationwide Crime Company and the FBI right into a hacking group identified to breach networks, steal information, and deploy ransomware in extortion schemes.
Whereas not explicitly acknowledged within the police assertion, the hacking collective behind the MGM assault is called Scattered Spider.
The identify “Scattered Spider” denotes a loose-knit neighborhood of English-speaking risk actors (as younger as 16) with numerous ability units who generally frequent the identical Telegram channels, Discord servers, and hacker boards.
Some members are additionally believed to be a part of the “Comm” – one other hacking collective linked to violent acts and cyber incidents.
Opposite to the final perception that the Scattered Spider is a cohesive gang, it’s a community of people with a big pool of risk actors taking part in numerous assaults.
This fluid construction makes it troublesome for regulation enforcement to trace them or attribute assaults to a particular cybercrime group.
Scattered Spider is also referred to as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra.
In a 2023 FBI advisory, regulation enforcement outlined the hacking collective’s expertise and techniques, which embody social engineering, phishing, multi-factor authentication (MFA) bombing (focused MFA fatigue), and SIM swapping to breach company networks.
Over the previous 12 months, the risk actors on this “neighborhood” have taken the weird strategy of partnering with Russian ransomware gangs, together with BlackCat/AlphV, Qilin, and RansomHub.
Different assaults attributed to Scattered Spider embody Caesars, DoorDash, MailChimp, Twilio, Riot Video games, and Reddit.
