The financially driven hacker group responsible for the MGM Resorts attack, tracked under various aliases including UNC3944, has expanded its targets and monetization methods, according to Google-owned Mandiant. Since 2021, the group has targeted 100 organisations, predominantly in the US and Canada, primarily using SMS phishing campaigns. Mandiant observed the group shifted to lucrative ransomware tactics in 2023, typically exploiting employee credentials through phishing strategies and even calling help desks impersonating staff. The group has shown innovative targeting of victims’ cloud resources, which concerningly allows them to infiltrate sensitive systems.
Cyber agencies reveal top 15 routinely exploited vulnerabilities
Five countries’ cybersecurity agencies collaborated on a advisory for Common Vulnerabilities and Exposures (CVEs) frequently exploited in 2023.