(Bloomberg) — The hacking group accused of disrupting MGM Resorts International casinos and hotels last year is engaged in a new campaign targeting banks and insurance companies, according to cybersecurity researchers.
Most read on Bloomberg
The group, known as the Scattered Spider, has targeted 29 companies since April 20 and successfully compromised the systems of at least two insurance companies, according to Resilience Cyber Insurance Solutions, an insurance risk firm. of cybersecurity whose researchers followed the group’s activities online.
In the recent campaign, Scattered Spider targeted Visa Inc., PNC Financial Services Group Inc., Transamerica, New York Life Insurance Co. and Synchrony Financial, according to a senior threat researcher at Resilience, who did not wish to be named due to security concerns. It was unclear whether the group had managed to gain access to any of these companies, the researcher said.
Representatives for Transamerica and Synchrony declined to comment, while spokespeople for Visa, PNC and New York Life did not respond to requests for comment. The researcher declined to name the two insurance industry companies that were successfully hacked.
Resilience researchers said the attackers purchased lookalike domains that match the names of these target companies. They then used them to host fake login pages intended to hijack them, sending phishing links via emails and text messages to industry employees directing them to the fake pages, according to research by Resilience. These pages are branded as Okta Inc., or content management services, which allow hackers to steal user credentials.
For people who visit the fake pages, a link intended for those who “need help logging in” redirects them to a domain labeled with racist epithets run by Scattered Spider, according to the study.
Kyrk Storer, an Okta spokesperson, said the company monitors Scattered Spider’s ongoing threat activity and “proactively notifies customers when we identify fake login pages like these.” The company recently introduced new security features to mitigate the group’s tactics, including phishing-resistant authentication and protecting sensitive logins with additional security controls, Storer said.
The group works at incredible speed, targeting multiple companies with social engineering techniques observed on May 6, according to the senior threat researcher at Resilience.
Scattered Spider, an amorphous group that cybersecurity researchers say emerged in May 2022, has been accused of orchestrating a wave of high-profile hacks in the second half of last year, including those against MGM and Caesars Entertainment Inc., as well as cryptocurrency trading. Coinbase Global Inc. and manufacturer Clorox Co., leading to a shortage of cleaning products on U.S. shelves.
Read more: Casino Hackers Use Low-Tech Tricks to Exploit Corporate Networks
The Pirates…
