Second Alleged Scattered Spider Member Arrested in Connection to 2023 Casino Cyber Attacks

Authorities have made a second arrest related to the MGM and Caesars cyberattacks, this time a British teenager.
Photo by Muhrfotografi/Shutterstock

UK authorities have arrested a 17-year-old in connection to last year’s cyberattacks on Caesars and MGM Resorts International. The teenager from Walsall in central England is accused of belonging to the hacking group Scattered Spider and has been charged with blackmail and violations of the Computer Misuse Act.

On July 18, the Regional Organised Crime Unit for the West Midlands in Walsall took the suspect into custody and released him on bail. Walsall authorities collaborated with the UK’s National Crime Agency, the FBI, and MGM Resorts on the investigation. They executed a search warrant at the suspect’s home, seizing digital devices for forensic examination.

The law enforcement agency did not disclose the suspect’s identity due to his age. Authorities also didn’t specify his alleged role or degree of involvement with Scattered Spider. The hacker group claimed responsibility for the MGM and Caesars attacks alongside ransomware provider ALPHV.

However, according to Bloomberg, the suspect has been on law enforcement agencies’ radar for “years.”

Sources told the news agency that he is a core member of the Starfraud Telegram channel. According to the US Cybersecurity and Infrastructure Security Agency, Starfraud is another name for Scattered Spider.

MGM Has Helped The Investigation

As part of the police announcement, MGM said it was proud to have supported the arrest and added,

By voluntarily shutting down our systems, refusing to pay a ransom, and working with law enforcement on their investigation and response, the message to criminals was clear: it’s not worth it.

In a statement, Bryan Vorndran, assistant director of FBI’s cyber division, said that the arrest attests to the agency’s strong domestic and international partnerships. He added,

The FBI, in coordination with its partners, will continue to relentlessly pursue malicious actors who target American companies, no matter where they may be located or how sophisticated their techniques are.

Bloomberg sources say the FBI has been working with MGM’s lawyers and IT team since the September attack.

However, despite working with and helping FBI agents, the MGM has been less cooperative with the Federal Trade Commission (FTC), which is conducting an investigation of its own. MGM sued the FTC in April for violating the company’s Fifth Amendment. In June, the federal agency hit back and petitioned the Nevada District Court to force MGM to answer a civil investigation demand.

Spanish Police Arrested Another Scattered Spider Member

The British teen is the second suspect to have been arrested in relation to the attacks on MGM and Caesars. On May 31, Spanish police arrested a 22-year-old British man whom they believe to be one of the group’s ringleaders. The arrest resulted from a joint investigation between Spanish authorities and the FBI.

That suspect’s name has also not been officially disclosed. However, security-focused investigative journalist Brian Krebs believes it to be Tyler Buchanan, known as “tylerb” on Telegram SIM-swapping channels. Spanish law enforcement says it has connected the suspect to attacks on at least 45 US companies. He allegedly amassed 391 Bitcoin from the attacks, worth over $46 million at today’s trading price.

A third suspected Scattered Spider operative was arrested this year, though he may not have been involved in the casino attacks. In January, US authorities detained 19-year-old Noah Michael Urban in Florida. Prosecutors believe Urban, allegedly operating under the hacker nicknames “Sosa” and “King Bob,” stole at least $800,000 from five victims.

Scattered Spider Still a Threat Despite Arrests

While the arrests are a big step forward for authorities, Scattered Spider remains a significant threat. The group’s membership is widespread, and tracking its activities is difficult. Compounding the confusion are the group’s many aliases, including UNC3944, Oktapus, Roasted Oktapus, Scatter Swine, Octo Tempest, and Muddled Libra. Some cybersecurity vendors regard these as different but overlapping groups based on their tactics, making it hard to compile their data sets to construct a coherent picture of the situation.

Scattered Spider has been very active in the last few years and is responsible for over 100 cyber attacks. They include hacks targeting Coinbase, Reddit, DoorDash, HubSpot, and Riot Games. While not confirmed, Scattered Spider is also reputed to have targeted financial companies like Visa and PNC Financial.

The group’s constant shift in target industries and techniques complicates tracking efforts. In the MGM and Caesars attacks, Scattered Spider partnered with ALPHV, the leading group in ransomware at the time. Recently, Microsoft said the hackers added RansomHub and Qilin, newer and more powerful ransomware variants.

About the Author

Chav Vasilev

Chav Vasilev

After years of managing fast-casual restaurants, Chav turned his passion for sports and occasional slot wins into a career as an iGaming writer. Sharing his time between Europe and the US, he has been exposed to betting and gambling for years and has closely followed the growth in the US. Chav is a proponent of playing responsibly and playing only at legal online sites. When not writing, you will find him watching and betting on sports, especially soccer, or trying to land the next big bonus on a slot.
To Top

Get connected with us on Social Media

Sign up to our newsletter to get bonus.com latest hands-on reviews, expert advice, and exclusive offers delivered straight to your inbox.
You are already subscribed to our newsletter. Want to update your preferences data?
Thank you for signing up! You’re all set to receive the latest reviews, expert advice, and exclusive offers straight to your inbox. Stay tuned!
View Offers