Hackers that breached Las Vegas casinos rely on violent threats, research shows | CyberScoop<\/title> <meta name=\"description\" content=\"While best known for its social engineering techniques, a criminal hacking group known as "the Com" sometimes uses threats of violence.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Hackers that breached Las Vegas casinos rely on violent threats, research shows\"> <meta property=\"og:description\" content=\"While best known for its social engineering techniques, a criminal hacking group known as "the Com" sometimes uses threats of violence.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-10-25T21:11:25+00:00\"> <meta property=\"article:modified_time\" content=\"2023-10-25T21:45:37+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1331\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1697500969g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1697708085g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1698166067g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/77783\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=77783\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcom-scattered-spider-tradecraft%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fcom-scattered-spider-tradecraft%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-77783 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.05\">\n<div class=\"single-article__header-content\" readability=\"31.4765625\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> While best known for its social engineering techniques, a criminal hacking group known as “the Com” sometimes uses threats of violence. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"444\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.jpg?resize=640%2C444&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=300,208 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=768,532 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=1024,710 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=1536,1065 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=600,416 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=242,168 242w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=486,337 486w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=974,675 974w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-2.jpg?resize=1216,843 1216w\" sizes=\"(max-width: 974px) 100vw, 974px\"><figcaption> Most of the exterior building lights at Caesars Palace are turned off as parts of the Las Vegas Strip go dark as a result of the statewide shutdown due to the coronavirus continuing to spread across the United States on March 19, 2020 in Las Vegas, Nevada.(Ethan Miller\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"41.08453685259\"><body readability=\"82.846214719071\"><\/p>\n<p>The prolific hacking group made up primarily of young people that was behind a recent breach that crippled several Las Vegas resorts has made graphic threats of violence as part of its attempts to force victims to give up their credentials, <a href=\"http:\/\/microsoft.com\/en-us\/security\/blog\/2023\/10\/25\/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction\/\">according to research released Wednesday<\/a>. <\/p>\n<p>According to researchers with Microsoft\u2019s threat intelligence and incident response divisions, members of the group it tracks as Octo Tempest \u2014 also known as 0ktapus, Scattered Spider or UNC3944 \u2014 tends to first target technical personnel on support desks and use social engineering techniques to trick them into giving up credentials or granting access to protected systems. <\/p>\n<p>But in some cases, the group has come to rely on violent threats to break into high-profile targets, including in at least one incident sending text messages threatening violence against a target\u2019s wife. <\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img data-recalc-dims=\"1\" decoding=\"async\" width=\"549\" height=\"533\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.png?resize=549%2C533&ssl=1\" alt class=\"wp-image-77785\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.png 549w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.png?resize=300,291 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.png?resize=173,168 173w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows.png?resize=347,337 347w\" sizes=\"(max-width: 549px) 100vw, 549px\"><figcaption class=\"wp-element-caption\">Threats sent to one of the targets (Microsoft)<\/figcaption><\/figure>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Made up primarily of <a href=\"https:\/\/cyberscoop.com\/las-vegas-mgm-caesars-cyber-attack\/\">native English speakers in their teens and early 20s<\/a>, Scattered Spider represents what Microsoft\u2019s researchers describe as \u201cone of the most dangerous financial criminal groups\u201d working online today, capable of \u201cbroad social engineering campaigns to compromise organizations across the globe.\u201d <\/p>\n<p>Researchers began to take notice of the group in early 2022, as its members became increasingly involved in SIM swapping and account takeovers to facilitate cryptocurrency theft. By early 2023, some members of the group developed a more advanced, aggressive approach and began monetizing the extortion of telecommunications, email and technology organizations. <\/p>\n<p>While researchers refer to the criminal collective as a group for ease of tracking, it emerged from a larger ecosystem that refers to itself as \u201cthe Com.\u201d This community of disparate subgroups and cliques include people engaging in account takeovers, SIM swapping, cryptocurrency thefts and occasionally violence for hire.<\/p>\n<p>The Com rocketed to public attention after striking Caesars Entertainment and MGM Resorts last month in an operation that crippled casino and hotel operations. But that attack was merely the latest in a string affecting major corporations, including Okta, Microsoft, Nvidia, Rockstar and Samsung, <a href=\"https:\/\/cyberscoop.com\/tag\/lapsus\/\">researchers have said<\/a>.<\/p>\n<p>A cybersecurity researcher familiar with the Com, who spoke on condition of anonymity given the group\u2019s history of violent threats, said that the cybersecurity industry has failed to address the group with sufficient urgency. The people involved in this activity are \u201ccreative in ways the industry doesn\u2019t give them credit for,\u201d the researcher said. \u201cRefusal to take kids seriously is why we have gotten so far into this mess.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Microsoft\u2019s researchers caution that the Com appears to be collaborating with other, more well-established criminal groups. By mid-2023, some members established an affiliate relationship with the ransomware group ALPHV\/BlackCat and used the group\u2019s leak site to post victim data.<\/p>\n<p>More recently, some Com members have displayed \u201ca diverse array\u201d of techniques, tactics and procedures to \u201cnavigate complex hybrid environments, exfiltrate sensitive data, and encrypt data,\u201d the researchers wrote. <\/p>\n<p>But the group is best known for its uncanny ability to use social engineering techniques to convince its targets to give up their credentials. In attacking Caesars and MGM, the group tricked a help desk worker into providing access to protected networks and then exploited that access to extort the resort giants. <\/p>\n<p>Caesars reportedly paid roughly $15 million to the attackers, the Wall Street Journal <a href=\"https:\/\/www.wsj.com\/business\/hospitality\/caesars-paid-ransom-after-suffering-cyberattack-7792c7f0\">reported<\/a> at the time. MGM refused to pay but <a href=\"https:\/\/www.cnn.com\/2023\/10\/05\/business\/mgm-100-million-hit-data-breach\/index.html\">suffered more than $110 million in direct and indirect costs<\/a> and losses from the incidents, according to federal filings.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.21875\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/10\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows-1.jpg?w=640&ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hackers that breached Las Vegas casinos rely on violent threats,<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1114,282,952,625,953,984,1],"tags":[1115,286,957,630,958,986,325],"class_list":["post-1946","post","type-post","status-publish","format-standard","hentry","category-caesars","category-cybercrime","category-mgm","category-microsoft","category-scattered-spider","category-the-com","category-uncategorized","tag-caesars","tag-cybercrime","tag-mgm","tag-microsoft","tag-scattered-spider","tag-the-com","tag-uncategorized"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/caesars\/\" rel=\"category tag\">Caesars<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mgm\/\" rel=\"category tag\">MGM<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/scattered-spider\/\" rel=\"category tag\">Scattered Spider<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/the-com\/\" rel=\"category tag\">The Com<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1946"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1946\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":1946,"date":"2023-10-25T21:11:25","date_gmt":"2023-10-25T21:11:25","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=77783"},"modified":"2023-10-25T21:11:25","modified_gmt":"2023-10-25T21:11:25","slug":"hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/10\/25\/hackers-that-breached-las-vegas-casinos-rely-on-violent-threats-research-shows\/","title":{"rendered":"Hackers that breached Las Vegas casinos rely on violent threats, research shows"},"content":{"rendered":"