Login
Las Vegas police arrest minor accused of high-profile 2023 casino attacks
A teenage boy suspected of participating in cyberattacks on multiple Las Vegas casinos in late 2023 was arrested last week. The Las Vegas Metropolitan Police Department said the minor turned himself in Wednesday at the Clark County Juvenile Detention Center, where he was booked on multiple charges.
The suspect, who is unnamed because he’s a minor, is charged with extortion, conspiracy to commit extortion, unlawful acts regarding computers and three counts of obtaining and using personally identifiable information to harm or impersonate another person.
Authorities did not describe the teenager’s alleged involvement in the cyberattacks, but they specifically linked the boy to the high-profile casino attacks attributed to Scattered Spider, which included devastating attacks on MGM Resorts International and Caesars Entertainment between August and October 2023.
The attacks brought multiple casino properties owned by MGM Resorts International to a standstill, resulting in $100 million in lost revenue and $10 million in one-time expenses related to response and recovery, the company said in a regulatory filing. Caesars reportedly paid a $15 million extortion demand at the time, which it alluded to in a regulatory filing.
The minor suspected of participating in these attacks surrendered himself to authorities one day after two teenagers — Thalha Jubair, 19, of London, and Owen Flowers, 18, of Walsall, England — were arrested in the United Kingdom for their alleged involvement in many attacks attributed to Scattered Spider.
Scattered Spider, an unbound cybercrime collective composed of young, native English-speaking people, is responsible for at least 120 cyberattacks since 2022, according to officials. Threat researchers pin many high-profile cyberattacks to the cunning threat group, including a more recent spree of attacks on Marks & Spender in the United Kingdom, United Natural Foods, WestJet and Hawaiian Airlines.
The nebulous offshoot of The Com is notorious for using social engineering and phishing to break into critical infrastructure and business networks. Researchers said multiple people are typically involved in these attacks, providing specific technical, social engineering and extortion skills to accomplish their objectives.
The Justice Department last week said Scattered Spider was responsible for extortion attacks on 47 U.S.-based organizations from May 2022 to September 2025, adding that victims of those attacks paid at least $115 million in ransom payments.
Cybercrime experts are unsure about the identity of the teenager arrested in Las Vegas or the specific crimes he allegedly committed. “I wasn’t previously aware of a local [resident] that assisted with that hack,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop.
“It is within the typical [modus operandi] of that group to recruit local people that can provide physical assistance for a hack,” she added.
Zach Edwards, senior threat analyst at Silent Push, said it’s possible the minor “felt that they were in significant risk of being outed by someone else who was arrested, and maybe just wanted to preempt the arrest so it would be easier on their family and maybe lead to leniency in the eyes of the court.”
Officials said Las Vegas detectives working with the FBI’s Las Vegas Cyber Task Force identified the teenage boy as a suspect during their investigation into the casino attacks. Local police have not shared additional information about the case, and the FBI declined to provide further comment.
Las Vegas police said the Clark County District Attorney’s Office is seeking to transfer the juvenile to the criminal division to try him as an adult for his alleged crimes.
The post Las Vegas police arrest minor accused of high-profile 2023 casino attacks appeared first on CyberScoop.
