If the claims of someone in an AlphV (BlackCat) subgroup known for social engineering skills are true — and vx-underground believes their source is credible, then …. words fail:
All ALPHV ransomware group did to compromise MGM Resorts was hop on LinkedIn, find an employee, then call the Help Desk. A company valued at $33,900,000,000 was defeated by a 10-minute conversation.
Twitter thread starts here.
MGM has not commented on these claims.
Update: From subsequent developments, including a statement by ALPHV on September 14, DataBreaches has questions about whether vx-underground was really contacted by someone from ALPHV or not. ALPHV’s statement of September 14 states that prior to that statement, they had not contacted anyone about the MGM incident. Further, they criticized a Reuters story that claimed Reuters had spoken with someone from ALPHV, saying that Reuters had been pranked by someone on Telegram. Checking Reuter’s story, DataBreaches notes that they reported, “The group’s contact was provided to Reuters by a cybersecurity expert who runs an online repository of malware samples called “vx-underground”, and declined to be named.”
It sounds like vx-underground was contacted by someone who claimed to be ALPHV, and that vx-underground gave that contact info to Reuter’s reporter. vx-underground has not retracted its tweet or corresponding Telegram post, however. It thanked ALPHV for correcting one thing they attributed wrongly to vx-underground, but have not commented on ALPHV’s claims that they had not contacted anyone prior to the official statement.