More information about the attack:
Scattered Spider told vx-underground that they compromised MGM using social engineering, whereby the hackers allegedly found an employee on LinkedIn and called the organization’s help desk to access their account. Scattered Spider is known for using social engineering techniques to trick employees into granting the hackers access to large corporate networks. Members of the transatlantic hacking group reportedly include young adults and teenagers, resembling similar hacking and extortion groups like Lapsus$.
“These are not Russian hackers, these are Western hackers,” Allison Nixon, chief research officer at Unit 221B, told TechCrunch. “There is a disproportionate number of minors involved, and that’s because the group deliberately recruits minors because of the lenient legal environment these minors exist in and they know nothing will happen to them if the police catch a kid,” Nixon said.