Scattered Spider Suspect Arrested in US

23 September 2025 at 05:25

The juvenile suspect surrendered on September 17 and was booked on computer intrusion, extortion, and identity theft charges.

The post Scattered Spider Suspect Arrested in US appeared first on SecurityWeek.

Las Vegas police arrest minor accused of high-profile 2023 casino attacks

22 September 2025 at 15:37

A teenage boy suspected of participating in cyberattacks on multiple Las Vegas casinos in late 2023 was arrested last week. The Las Vegas Metropolitan Police Department said the minor turned himself in Wednesday at the Clark County Juvenile Detention Center, where he was booked on multiple charges.

The suspect, who is unnamed because he’s a minor, is charged with extortion, conspiracy to commit extortion, unlawful acts regarding computers and three counts of obtaining and using personally identifiable information to harm or impersonate another person.

Authorities did not describe the teenager’s alleged involvement in the cyberattacks, but they specifically linked the boy to the high-profile casino attacks attributed to Scattered Spider, which included devastating attacks on MGM Resorts International and Caesars Entertainment between August and October 2023.

The attacks brought multiple casino properties owned by MGM Resorts International to a standstill, resulting in $100 million in lost revenue and $10 million in one-time expenses related to response and recovery, the company said in a regulatory filing. Caesars reportedly paid a $15 million extortion demand at the time, which it alluded to in a regulatory filing.

The minor suspected of participating in these attacks surrendered himself to authorities one day after two teenagers — Thalha Jubair, 19, of London, and Owen Flowers, 18, of Walsall, England — were arrested in the United Kingdom for their alleged involvement in many attacks attributed to Scattered Spider. 

Scattered Spider, an unbound cybercrime collective composed of young, native English-speaking people, is responsible for at least 120 cyberattacks since 2022, according to officials. Threat researchers pin many high-profile cyberattacks to the cunning threat group, including a more recent spree of attacks on Marks & Spencer in the United Kingdom, United Natural Foods, WestJet and Hawaiian Airlines.

The nebulous offshoot of The Com is notorious for using social engineering and phishing to break into critical infrastructure and business networks. Researchers said multiple people are typically involved in these attacks, providing specific technical, social engineering and extortion skills to accomplish their objectives.

The Justice Department last week said Scattered Spider was responsible for extortion attacks on 47 U.S.-based organizations from May 2022 to September 2025, adding that victims of those attacks paid at least $115 million in ransom payments.

Cybercrime experts are unsure about the identity of the teenager arrested in Las Vegas or the specific crimes he allegedly committed. “I wasn’t previously aware of a local [resident] that assisted with that hack,” Allison Nixon, chief research officer at Unit 221B, told CyberScoop.

“It is within the typical [modus operandi] of that group to recruit local people that can provide physical assistance for a hack,” she added. 

Zach Edwards, senior threat analyst at Silent Push, said it’s possible the minor “felt that they were in significant risk of being outed by someone else who was arrested, and maybe just wanted to preempt the arrest so it would be easier on their family and maybe lead to leniency in the eyes of the court.”

Officials said Las Vegas detectives working with the FBI’s Las Vegas Cyber Task Force identified the teenage boy as a suspect during their investigation into the casino attacks. Local police have not shared additional information about the case, and the FBI declined to provide further comment.

Las Vegas police said the Clark County District Attorney’s Office is seeking to transfer the juvenile to the criminal division to try him as an adult for his alleged crimes.

The post Las Vegas police arrest minor accused of high-profile 2023 casino attacks appeared first on CyberScoop.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

10 July 2025 at 13:31

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines.

The U.K.’s National Crime Agency (NCA) declined to verify the names of those arrested, saying only that they included two males aged 19, another aged 17, and a 20-year-old female.

Scattered Spider is the name given to an English-speaking cybercrime group known for using social engineering tactics to break into companies and steal data for ransom, often impersonating employees or contractors to deceive IT help desks into granting access. The FBI warned last month that Scattered Spider had recently shifted to targeting companies in the retail and airline sectors.

KrebsOnSecurity has learned the identities of two of the suspects. Multiple sources close to the investigation said those arrested include Owen David Flowers, a U.K. man alleged to have been involved in the cyber intrusion and ransomware attack that shut down several MGM Casino properties in September 2023. Those same sources said the woman arrested is or recently was in a relationship with Flowers.

Sources told KrebsOnSecurity that Flowers, who allegedly went by the hacker handles “bo764,” “Holy,” and “Nazi,” was the group member who anonymously gave interviews to the media in the days after the MGM hack. His real name was omitted from a September 2024 story about the group because he was not yet charged in that incident.

The bigger fish arrested this week is 19-year-old Thalha Jubair, a U.K. man whose alleged exploits under various monikers have been well-documented in stories on this site. Jubair is believed to have used the nickname “Earth2Star,” which corresponds to a founding member of the cybercrime-focused Telegram channel “Star Fraud Chat.”

In 2023, KrebsOnSecurity published an investigation into the work of three different SIM-swapping groups that phished credentials from T-Mobile employees and used that access to offer a service whereby any T-Mobile phone number could be swapped to a new device. Star Chat was by far the most active and consequential of the three SIM-swapping groups, who collectively broke into T-Mobile’s network more than 100 times in the second half of 2022.

Jubair allegedly used the handles “Earth2Star” and “Star Ace,” and was a core member of a prolific SIM-swapping group operating in 2022. Star Ace posted this image to the Star Fraud chat channel on Telegram, and it lists various prices for SIM-swaps.

Sources tell KrebsOnSecurity that Jubair also was a core member of the LAPSUS$ cybercrime group that broke into dozens of technology companies in 2022, stealing source code and other internal data from tech giants including Microsoft, Nvidia, Okta, Rockstar Games, Samsung, T-Mobile, and Uber.

In April 2022, KrebsOnSecurity published internal chat records from LAPSUS$, and those chats indicated Jubair was using the nicknames Amtrak and Asyntax. At one point in the chats, Amtrak told the LAPSUS$ group leader not to share T-Mobile’s logo in images sent to the group because he’d been previously busted for SIM-swapping and his parents would suspect he was back at it again.

As shown in those chats, the leader of LAPSUS$ eventually decided to betray Amtrak by posting his real name, phone number, and other hacker handles into a public chat room on Telegram.

In March 2022, the leader of the LAPSUS$ data extortion group exposed Thalha Jubair’s name and hacker handles in a public chat room on Telegram.

That story about the leaked LAPSUS$ chats connected Amtrak/Asyntax/Jubair to the identity “Everlynn,” the founder of a cybercriminal service that sold fraudulent “emergency data requests” targeting the major social media and email providers. In such schemes, the hackers compromise email accounts tied to police departments and government agencies, and then send unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death.

The roster of the now-defunct “Infinity Recursion” hacking team, from which some members of LAPSUS$ hail.

Sources say Jubair also used the nickname “Operator,” and that until recently he was the administrator of the Doxbin, a long-running and highly toxic online community that is used to “dox” or post deeply personal information on people. In May 2024, several popular cybercrime channels on Telegram ridiculed Operator after it was revealed that he’d staged his own kidnapping in a botched plan to throw off law enforcement investigators.

In November 2024, U.S. authorities charged five men aged 20 to 25 in connection with the Scattered Spider group, which has long relied on recruiting minors to carry out its most risky activities. Indeed, many of the group’s core members were recruited from online gaming platforms like Roblox and Minecraft in their early teens, and have been perfecting their social engineering tactics for years.

“There is a clear pattern that some of the most depraved threat actors first joined cybercrime gangs at an exceptionally young age,” said Allison Nixon, chief research officer at the New York-based security firm Unit 221B. “Cybercriminals arrested at 15 or younger need serious intervention and monitoring to prevent a years long massive escalation.”
