September 15, 2023

Caesars Entertainment, one of the world’s largest casino operators, has reportedly paid “tens of millions of dollars” to hackers who threatened to release company data, according to Bloomberg.

The attack was reportedly perpetrated by a group called Scattered Spider (aka UNC 3944), a group skilled at using social engineering to bypass corporate network security.

Scattered Spider’s members, some as young as 19, are believed to operate from the United States and the United Kingdom. Their campaign against Caesars began as early as August 27th, with the group gaining access to an external vendor before infiltrating the company’s inner sanctum.

Once inside the network, Scattered Spider reportedly exploited vulnerabilities and used tools like “Stonestop” to evade security software. Stonestop is a type of malware that can disable security software and steal data.

It is unclear how much data was stolen in the attack, but Caesars has not disclosed any evidence that customer data was compromised. The company is expected to disclose the attack “imminently” in a regulatory filing.

Scattered Spider is known for using social engineering to gain access to corporate networks. Social engineering is a type of attack that relies on human error and manipulation to trick victims into revealing confidential information or clicking on malicious links.

The sources for this piece include an article in Engadget.