The Great Las Vegas Outage
Intermediate
2023

Target: MGM Resorts International
Impact: Total Resort Operation Halt

Operational Briefing

Experience the modern face of cybercrime. A 10-minute phone call to a help desk dismantled a multi-billion-dollar casino enterprise through "Vishing" and MFA fatigue.

The Full Story

In September 2023, the group known as Scattered Spider (or UNC3944) targeted MGM Resorts. They didn't use an expensive zero-day or complex malware. Instead, they found an employee's information on LinkedIn and called the help desk, posing as that employee and claiming to have lost their MFA device.

The help desk reset the password, giving the attackers super-administrator access to the Okta environment. They then encrypted servers and shut down slot machines, hotel key cards, and reservation systems, causing over $100 million in damages.

Technical Analysis

The "Vishing" Chain

  • Initial Recon: Attacker finds IT/Admin employee on LinkedIn.
  • Vishing: Attacker calls Help Desk. "Hi, I'm Joe from IT. I lost my phone and need my password/MFA reset."
  • Okta Takeover: With the reset, attackers gain full control over the identity provider.
  • ALPHV Ransomware: After being detected, attackers deploy ALPHV/BlackCat ransomware to maximize leverage.
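
A defender's view of the chain above, as an added example that is not part of the original page: it flags a help-desk-initiated MFA or password reset followed within an hour by a login from an IP address the account has not used before. The event schema, field names, account names and sample records are constructed for illustration and are not the identity provider's real log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not the identity provider's real log format).
EVENTS = [
    {"ts": "2023-09-01T09:00:00", "type": "login", "actor": "joe", "target": "joe", "ip": "10.0.0.5"},
    {"ts": "2023-09-02T14:00:00", "type": "mfa_reset", "actor": "helpdesk1", "target": "joe", "ip": "10.0.1.9"},
    {"ts": "2023-09-02T14:06:00", "type": "login", "actor": "joe", "target": "joe", "ip": "203.0.113.7"},
    {"ts": "2023-09-02T14:10:00", "type": "mfa_reset", "actor": "helpdesk2", "target": "ann", "ip": "10.0.1.9"},
    {"ts": "2023-09-02T14:20:00", "type": "login", "actor": "ann", "target": "ann", "ip": "10.0.0.8"},
    {"ts": "2023-08-30T08:00:00", "type": "login", "actor": "ann", "target": "ann", "ip": "10.0.0.8"},
]
PRIVILEGED = {"joe"}  # assumption: accounts holding admin roles
RESET_TYPES = {"mfa_reset", "password_reset"}

def flag_risky_resets(events, privileged, window=timedelta(minutes=60)):
    """Flag help-desk resets followed by a login from an IP new to that user."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort lexically
    seen_ips = {}   # user -> IPs seen in earlier, unflagged logins
    pending = {}    # user -> (reset time, help-desk actor)
    findings = []
    for e in events:
        ts, user = datetime.fromisoformat(e["ts"]), e["target"]
        if e["type"] in RESET_TYPES and e["actor"] != user:
            pending[user] = (ts, e["actor"])  # reset performed by someone else
        elif e["type"] == "login":
            known = seen_ips.setdefault(user, set())
            reset = pending.pop(user, None)
            if reset and ts - reset[0] <= window and e["ip"] not in known:
                findings.append({
                    "user": user, "reset_by": reset[1], "login_ip": e["ip"],
                    "minutes_after_reset": int((ts - reset[0]).total_seconds() // 60),
                    "severity": "critical" if user in privileged else "high",
                })
            else:
                known.add(e["ip"])  # only unflagged logins become baseline
    return findings

if __name__ == "__main__":
    for finding in flag_risky_resets(EVENTS, PRIVILEGED):
        print(finding)
```

A flagged login is deliberately kept out of the account's IP baseline, so a follow-up session from the same address is not treated as familiar.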

Available Modes

  • Offensive: Replicate the attack vector
  • Defensive: Harden systems & patch
  • Analysis: Forensic investigation

Event Timeline

  • Sept 10, 2023: Social engineering call to MGM help desk.
  • Sept 11, 2023: Slot machines and websites go dark.
  • Sept 13, 2023: MGM confirms cyberattack.
  • Sept 20, 2023: Services begin to return; $100M+ loss reported.

Tags: Social Engineering, Vishing, Scattered Spider