A full timeline of the MGM Resorts cyber attack

Hospitality and entertainment company, MGM Resorts, recently suffered a cyber attack that severly impacted its business operations.

The cyber attack was discovered on September 11, when MGM Resorts put out a statement via X (formerly Twitter) that a “cyber security incident” was impacting come of its systems. MGM Resorts reassured customers that it had contacted law enforcement regarding the cyber attack, and that an investigation into it had been launched.  

The company also said it was “working diligently to determine the nature and scope of the matter”.

[Embed tweet: ]

On September 12, MGM Resorts made a second statement via X, reporting that all its “resorts including dining, entertainment and gaming” were “still operational”, and that its guests “continue to be able to access their hotel rooms and [its] Front Desk is ready to assist our guests as needed”. 

Despite this, from September 12 to 13, customers reported a number of issues linked to the cyber attack. This included slot machines and online booking systems of several of MGM’s Las Vegas properties being impacted by the attack, meaning guests could not check in, make card payments to book rooms or cancel their reservations. Digital keys were also reported to not be working, leading to staff having to hand out physical keys. Other guests said they were unable to log into their MGM accounts. 

The main websites for all 31 resorts that MGM manages were reportedly down as of September 13. The sites displayed an error message and urged customers to contact the resort either via third-party sites or via a phone call. 

Also on September 13, it was revealed that the malicious actors behind the cyber attack may have been ransomware gang ALPHV (also known as BlackCat). The host of “one of the largest collection of malware source code, samples, and papers on the internet”, VX Underground, made a post on X detailing how the hack took place. According to VX Underground, who cited “the threat actors themselves” as its source, said that the cyber attack started with a successful vishing attempt. Vishing sees malicious actors attempt to gain access to networks and/or personal information via a phone call where they pose as a trusted source.

VX Underground said: “All ALPHV ransomware group did [sic] to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk.”

[Embed tweet: ]

Other news sites including Reuters, however, reported that “two sources familiar with the matter” said that hacking group Scattered Spider were responsible for the attack. This is due to Scattered Spider relying on social engineering tactics to gain access to organization’s networks.

The cost of the cyber attack for MGM is currently unknown, however financial services company Moody’s noted that it could have a negative impact on MGM’s credit. The financial services company also shared that the cyber attack “highlights key risks related to (MGM’s) business operations’ heavy reliance on technology and the operational disruption caused when systems need to go offline or are inoperable”. Additionally, MGM Resort’s share prices have, as of the time of writing, dropped by 6 percent since September 11. 

In August of this year, a ransomware attack on another Las Vegas hotelier, Caesar’s Palace, saw the company pay an alleged US$15 million to hackers. It was also reported that Scattered Spider was responsible for the hack, leading to the suggestion that Scattered Spider are similarly responsible for the cyber attack on MGM Resorts.

A timeline of the MGM Resorts hack

August 27: A ransomware attack is launched against Caesar’s Palace by hacking gang Scattered Spider. The hotelier allegedly pays $15 million to hackers. This gang is later linked to the MGM Resorts cyber attack.

September 11: MGM Resorts puts out a statement saying a “cyber security incident” has affected some of the company’s systems. An investigation into the cyber attack is launched and the relevant authorities contacted.

September 12: MGM Resorts makes a second statement reporting that all “resorts including dining, entertainment and gaming are still operational” and that its guests “continue to be able to access their hotel room and [its] Front Desk is ready to assist our guests as needed”.

September 12: Guests report a number of issues with MGM Resorts’ online booking system and casino. The company’s main website is reported as being down.

September 13: VX Underground, host of “one of the largest collection of malware source code, samples, and papers on the internet”, makes a post on X saying the MGM cyber attack was the result of vishing. VX Underground also reports that ransomware gang, ALPHV, were responsible for the attack.

September 13: Sources close to the cyber attack say that the hacking group, Scattered Spider, are responsible for the hack.

September 13: Financial services company Moody’s says the cyber attack may negatively impact MGM’S credit. The company also notes that the cyber security incident highlights “key risks” in MGM’s reliance on technology.