UK arrests suspected Scattered Spider hacker linked to MGM attack
UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective.
“We have arrested a 17-year-old boy from Walsall in connection with a global cyber online crime group which has been targeting large organisations with ransomware and gaining access to computer networks,” reads a statement from the West Midlands Police in the United Kingdom.
“Officers from our Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the National Crime Agency, in coordination with the United States Federal Bureau of Investigation (FBI), to make the arrest at an address in the town on Thursday (July 18).”
The teenager was arrested on suspicion of violating the Blackmail and Computer Misuse Act and was subsequently released on bail while the police completed their investigation.
The authorities have also seized digital devices from the suspect that will be investigated for further evidence.
“We’re proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others,” MGM said as part of the law enforcement statement.
The UK police say that the arrest is part of a broader investigation conducted by the National Crime Agency and the FBI into a hacking group known to breach networks, steal data, and deploy ransomware in extortion schemes.
While not explicitly stated in the police statement, the hacking collective behind the MGM attack is known as Scattered Spider.
The name “Scattered Spider” denotes a loose-knit community of English-speaking threat actors (as young as 16) with diverse skill sets who commonly frequent the same Telegram channels, Discord servers, and hacker forums.
Some members are also believed to be part of the “Comm” – another hacking collective linked to violent acts and cyber incidents.
Contrary to the general belief that the Scattered Spider is a cohesive gang, it is a network of individuals with a large pool of threat actors participating in different attacks.
This fluid structure makes it difficult for law enforcement to track them or attribute attacks to a specific cybercrime group.
Scattered Spider is also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra.
In a 2023 FBI advisory, law enforcement outlined the hacking collective’s skills and tactics, which include social engineering, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to breach corporate networks.
Over the past year, the threat actors in this “community” have taken the unusual approach of partnering with Russian ransomware gangs, including BlackCat/AlphV, Qilin, and RansomHub.
Other attacks attributed to Scattered Spider include Caesars, DoorDash, MailChimp, Twilio, Riot Games, and Reddit.