In the latest development, members of the hacking group Scattered Spider have asserted that they were the initial perpetrators of the MGM network breach last week.
However, the ransomware gang Alphv, also known as Black Cat, countered this claim with a detailed statement on their dark-web platform, insisting that they were the true culprits.
Alphv's statement, while claiming responsibility, left a crucial question unanswered: whether Scattered Spider was acting as an affiliate of Alphv or an independent group utilizing Alphv-developed ransomware. This conflicting narrative is further muddying an already tumultuous news cycle, marked by speculative discussions on social media.
Definitive confirmation regarding the identity of the MGM attacker remains elusive until either the company or law enforcement authorities release public details about the incident.
Both Scattered Spider and Alphv represent significant cyber threats in their own right, according to experts. Scattered Spider, believed to be comprised of young adults in the U.S. and the U.K., is notorious for employing social engineering tactics in their attacks.
Charles Carmakal, CTO at Google Cloud's Mandiant, noted their recent use of Alphv's encryption. Their past exploits include a high-profile attack affecting over 130 organizations, resulting in the theft of more than 10,000 employees' login credentials.
Meanwhile, Alphv, thought to be based in Russia, has earned a reputation for conducting ruthless and widespread attacks. Their tactics have included releasing sensitive images from breast cancer patients' examinations while extorting the Lehigh Valley Health Network earlier this year. Notable victims have also included Western Digital and Sun Pharmaceuticals.
In the realm of ransomware, identities are intentionally obscured to hinder law enforcement's efforts to trace attacks back to their source. It's not uncommon for a major ransomware operator to claim credit for an attack initiated by an affiliate. Additionally, a larger group like Alphv could independently carry out an entire attack internally.
Ultimately, MGM, in conjunction with the FBI and third-party cyber incident response firms, will possess the most reliable information regarding the assailant's identity and the specifics of how the breach occurred.
