About a year ago, the U.S. security firm Palo Alto Networks began to hear from a flurry of companies that had been hacked in ways that weren't the norm for cybercriminals. Native English-speaking hackers would call up a target company’s information technology helpdesk posing as an employee and seek login details by pretending to have lost theirs. They had all the employee information needed to sound convincing. And once they got access, they’d quickly find their way into the company's most sensitive repositories to steal that data for extortion.
Ransomware attacks are not new, but this group was extraordinarily skilled at social engineering and bypassing multi-factor authentication, said Wendi Whitmore, senior vice president for the security firm Palo Alto Networks' Unit 42 threat intelligence team, which has responded to several intrusions tied to the group.
"They are much more sophisticated than many cybercriminal actors. They are disciplined and organized in their attacks," she said. "And that's something we typically see more frequently with nation-state actors, versus cyber criminals."
Known in the security industry variously as Scattered Spider, Muddled Libra, and UNC3944, these hackers were thrust into the limelight earlier this month for breaching the systems of two of the world's largest gambling companies - MGM Resorts (MGM.N) and Caesars Entertainment Ltd (CZR.O).