Federal prosecutors announced criminal charges against five alleged members of the notorious cybercrime group "Scattered Spider" in connection with the devastating September 2023 cyberattack on MGM Resorts.
The suspects, aged between 19 and 23, are accused of orchestrating a sophisticated ransomware attack that forced MGM to shut down its computer systems for several days, causing widespread disruption across its Las Vegas casino operations and resulting in an estimated $100 million in damages.
According to the Department of Justice indictment, the accused hackers employed social engineering tactics to gain unauthorized access to MGM's networks. They allegedly impersonated IT staff to trick employees into revealing sensitive login credentials.
The charges include conspiracy to commit computer fraud, intentional damage to protected computers, and wire fraud. If convicted, the suspects could face up to 20 years in prison for each count.
"Today's charges demonstrate our commitment to protecting American businesses and consumers from cybercriminals," said FBI Director Christopher Wray at a press conference in Washington D.C. "The Scattered Spider group has wreaked havoc on numerous organizations, and we will continue pursuing those who engage in these malicious attacks."
Three of the suspects were arrested in the United States, while two remain at large and are believed to be overseas. The FBI is working with international law enforcement partners to locate and apprehend the remaining suspects.
The September attack on MGM Resorts caused widespread chaos, forcing the casino giant to shut down slot machines, hotel reservation systems, and digital room keys. Guests were unable to make credit card transactions or access their rooms, leading to long lines and frustrated customers.
The indictment reveals that the hackers demanded a multi-million dollar ransom payment, which MGM refused to pay. Instead, the company worked with law enforcement and cybersecurity experts to restore its systems and strengthen its security measures.
This case highlights the growing threat of ransomware attacks targeting major corporations and critical infrastructure. The FBI estimates that cybercrime caused over $10.3 billion in losses to U.S. organizations in 2022 alone.
The investigation remains ongoing as authorities continue to gather evidence and pursue additional suspects connected to the Scattered Spider group.