Casino cyberattacks put a bullseye on Scattered Spider – and the FBI is closing in

Mandiant CTO chats to The Reg about the looming fate of this ransomware crew


Interview The cyberattacks against Las Vegas casinos over the summer put a big target on the backs of prime suspects Scattered Spider, according to Mandiant CTO Charles Carmakal.

The Google-owned security biz has been tracking the loosely knit crew - believed to be teens and twenty-somethings located in the US and UK - since 2022 when they kicked off SIM swapping and social engineering attacks. 

But the gang's more recent turn to ransomware, data theft, and high-profile casino cyber-heists, which nearly shut down MGM Resorts' hotel and casino biz for a week, raised the stakes and turned law enforcement's attention to the predatory arachnid-themed crew.

"It certainly got the attention that is warranted after the casino attacks," Carmakal said in an interview with The Register you can see below.

Carmakal also discussed how the crew's techniques and motivations differ from the typical extortion group — and the lasting impact Scattered Spider will likely have on the cybercrime landscape.

The FBI has indicated that prosecutors are getting closer to charging people involved in the digital intrusions linked to Scattered Spider. 

"There have been some arrests," Carmakal told us, and while he won't put a timeline on when he expects to see any suspects being hauled into court, "I do anticipate we will eventually hear good news." ®
