ALPHV, the ransomware group also known as BlackCat, has released a statement criticizing MGM Resorts International and cybersecurity firm VX Underground for their handling of the ongoing cyberattack on MGM. ALPHV claims that MGM made hasty decisions and had a poor response team, while VX Underground provided inaccurate information about the attack tactics.
According to ALPHV, the group initially infiltrated MGM’s network by exploiting vulnerabilities in the company’s Okta Agent, without deploying any ransomware. It gained high-level privileges to MGM’s Okta and Azure tenant. In response to the network infiltration, MGM implemented conditional restrictions on its Okta environment. ALPHV argues that MGM’s network engineers lacked understanding, which led to network access problems. As a result, MGM decided to take important components of its infrastructure offline.
ALPHV also criticized VX Underground for falsely reporting events in its attribution of the attack. The group claims that VX Underground leaked false attribution claims to the press without confirming them with a high degree of certainty. ALPHV argues that the attack tactics used are known to the public and can be easily imitated. VX Underground had previously claimed that ALPHV compromised MGM by finding an employee on LinkedIn and calling the Help Desk.
The situation has become even more uncertain with the emergence of an unknown user in the MGM victim chat. ALPHV claims that it could not link this user to MGM because its email inquiries went unanswered. The group posted a link to download exfiltrated materials in the chat, but neither the user nor MGM has responded to threats of a leak. ALPHV also raised questions about insider trading within MGM, suggesting that the lack of stock purchases by company insiders, together with significant stock sales, may indicate a lack of interest in customer safety.
As the aftermath of the cyberattack continues, many of MGM’s key systems remain shut down. The attack was first announced on September 10, when MGM stated that it was forced to shut down systems due to a cybersecurity issue. The fact that the company’s website is still down suggests that the attackers may have targeted it as their primary objective. Bobby Cornwell, a cybersecurity expert from SonicWall, believes that the resort’s website, which handles bookings and entertainment, could be a lucrative target for ransomware actors.
Overall, the situation surrounding the cyberattack on MGM remains uncertain. ALPHV’s statement sheds light on the alleged mishandling of the attack by both MGM and VX Underground. As the investigation continues, it will be crucial for all parties involved to take appropriate measures to prevent further damage and ensure the security of MGM’s systems and customer data.