Cyber Responders Reveal FBI’s Struggle in Disrupting Dangerous Casino Hacking Gang

The U.S. Federal Bureau of Investigation (FBI) has been facing difficulties in stopping a highly aggressive cybercrime gang that has been targeting corporate America for the past two years, according to cybersecurity experts and victims. The FBI has been aware of the identities of at least a dozen members of the hacking group responsible for the major breaches at MGM Resorts International and Caesars Entertainment in September, but no arrests have been made. This has left industry executives puzzled, especially since many of the hackers are based in the United States.

Michael Sentonas, president of cybersecurity firm CrowdStrike, expressed his frustration with the lack of action, stating, “For such a small group, they are absolutely causing havoc.” He believes there is a failure on the part of law enforcement in addressing the issue. The FBI has acknowledged its investigation into the casino hacks but has not commented on the larger group responsible or the progress of the investigation.

The hacking group, dubbed “Scattered Spider,” has been active since 2021 but gained attention following a series of high-profile intrusions at American companies. The MGM breach resulted in significant disruptions to its operations and cost the company approximately $100 million in damages. Caesars paid around $15 million in ransom to regain access to its systems.

Several American cybersecurity firms, including CrowdStrike, Mandiant, Palo Alto Networks, and Microsoft, have been assisting in responding to the attacks and collecting evidence to identify the hackers. The FBI began investigating the group’s operations over a year ago, but the September casino hacks brought new urgency to the investigation.

Security analysts have found victims across various industries, ranging from telecoms and outsourcing firms to healthcare and financial service companies. According to cybersecurity firm ZeroFox, around 230 organizations have been targeted since the beginning of last year.

The slow response from law enforcement is attributed to a lack of resources and manpower, with the FBI reportedly losing its top cyber agents to higher-paying jobs in the private sector. Additionally, some victim companies have been hesitant to cooperate with the FBI, depriving prosecutors of potentially crucial evidence.

The loose-knit nature of the hacking group, consisting of small clusters of individuals collaborating on specific tasks, has further complicated the investigation. The group primarily operates in Western countries, including the United States, and communicates through social messaging apps such as Telegram and Discord.

Coordinating internally across its numerous field offices has been a challenge for the FBI, as each office independently investigated individual hacks without initially realizing they were connected. However, recent developments indicate progress in the investigation, with the FBI’s Newark field office taking the lead and assigning a new special agent to the case.

In recent months, alarming details of the hacking group’s aggressive tactics have emerged, including extortion, ransomware, phone scams, and even offering payment for physical violence. The hackers have been quoted threatening to kill employees unless provided with passwords.

Efforts to contact the hackers for this story were unsuccessful, but cybersecurity experts describe them as ruthless and pathological. Kevin Mandia, founder of Mandiant, emphasized the importance of apprehending hackers operating from democratic nations that collaborate with the international community.

In conclusion, the FBI’s struggle to halt the activities of the Scattered Spider hacking group has raised concerns about the agency’s ability to combat cybercrime effectively. The group’s bold and destructive attacks on American companies have left industry executives baffled, and cybersecurity firms are working diligently to assist law enforcement in identifying the hackers.