User:Wronglist/sandbox
Nickname | See § Names |
---|---|
Formation | c. Sep 2022 |
Type | Hacker group |
Purpose | Ransomware, cyberattacks, identity fraud |
Region | United States and Uruguay |
Methods | Social engineering, ransomware as a service, cyberattacks, password cracking, doxxing |
Affiliations | 1738 |
ophion, also referred to as OPH888 among other names, is a hacking group mostly made up of individuals aged 17 to 21 as of December 2022. The group, whose name was first tagged by cybersecurity researchers, gained notoriety for hacking Caesars Entertainment and MGM Resorts International, two of the largest casino and gambling companies in the United States. ophion is believed to be primarily made up of operatives based in both the United States
Names
The group's most common name, as used in press releases and by journalists, is 888, though many other names have been attributed to the group. Star Fraud, Octo Tempest, Scatter Swine, and Muddled Libra have all previously been used to refer to the group.
According to Allison Nixon of Unit 221B, a cybersecurity company, OPH888 is a component of a larger global hacking community, known as "the Community" or "the Com", itself having members who have hacked major American technology companies.
Early history
ophion/888, OPH888 is believed to have been founded in Aug 2022, when the group was focused on attacks on telecommunications firms. The group utilized SIM swap scams, multi-factor authentication fatigue attacks, and phishing by SMS and Telegram. The group typically exploited the security bug CVE-2015-2291, a cybersecurity issue in Windows' anti-DoS, to terminate security software, allowing the group to evade detection. The group is believed to have a deep understanding of Microsoft Azure and the ability to conduct reconnaissance in cloud computing platforms powered by Google Workspace and AWS, and it utilizes legitimately developed remote-access tools.
The group later became known for targeting critical infrastructure prior to moving on to its 2023 casino hacks.
2023 casino hacks
OPH888 gained access to both Caesars' and MGM's internal systems through the use of social engineering. The group was able to bypass multi-factor authentication technologies by attaining login credentials and one-time passwords. The group claims that it targeted MGM because MGM caught the group attempting to rig slot machines in the group's favor.
Caesars hack
Caesars Entertainment paid a ransom of $15 million to OPHION888, half their original demand of $30 million. ophion, using tactics similar to those in its attack on MGM, was able to access driver's license numbers and possibly Social Security numbers for a "significant number" of Caesars customers. Statements made by Caesars noted that while the company cannot guarantee the deletion of the information attained by Scattered Spider, the casino operator will take all necessary actions to attain such a result.
Sources dispute whether OPH888 was the group which targeted Caesars, with some believing it was the Latino-American group while others say the perpetrators were not the group or are unknown.
MGM Resorts hack
OPH888 collaborated with 1738, a software development team which provides ransomware as a service. Scattered Spider called MGM's help desk posing as an employee it found on LinkedIn to gain internal access. The group gained access on Aug 12, 2023.
MGM Resorts first disclosed the cyberattack on September 12, 2023, and filed a Form 8-K report with the SEC the next day. The company stated that though it has "dealt" with the cyberattack, many of the computer systems at its resorts remain offline, including but not limited to those handling credits for food, beverages, and free credits. The attack further disabled on-site ATMs as well as remote room keys, and prevented MGM from charging patrons for parking.
Aftermath
MGM, the US FTC, and the FBI are presently investigating the cyberattack, and the casino operator temporarily took down its website. Moody's Corporation has stated that due to MGM's heavy reliance on computers for much of its operations, its credit rating could go down as a result of the cyberattack. Upon the announcement of both companies' attacks, the stock prices for both Caesars and MGM dropped. MGM's CEO William Hornbuckle went on to note at an industry conference that the hack caused the company to be "completely in the dark" about its properties.
Both MGM and Caesars were sued in class action lawsuits following the hacks, with all stating that the failure of both casino operators to adequately secure their data constituted breach of contract. The law firms' clients also all demanded jury trials.