Government-owned Auckland Transport experiences widespread cyber incident; MGM Resorts targeted by cyber attack

One sentence summary – Auckland Transport is currently experiencing a widespread outage caused by a cyber incident, believed to be a ransomware attack, impacting customer services including HOP services, while investigations are ongoing and concerns arise about potential exposure of sensitive customer data; meanwhile, MGM Resorts has been targeted by the BlackCat ransomware group, who claim to have infiltrated the company’s infrastructure, encrypted data, and are threatening further attacks unless a ransom is paid.

At a glance

  • Auckland Transport (AT) is currently experiencing a widespread outage caused by a cyber incident.
  • AT has indicated that they were targeted by ransomware.
  • The incident has impacted a wide range of customer services, particularly their HOP services.
  • Investigations into the incident are still ongoing.
  • AT’s website and HOP services are expected to return to normal operations early next week.

The details

Auckland Transport (AT), the government-owned regional transportation authority responsible for public transport and infrastructure in the Auckland region, is currently experiencing a widespread outage.

The outage is caused by a cyber incident.

AT has indicated that they were targeted by ransomware.

Investigations into the incident are still ongoing.

The incident has impacted a wide range of customer services provided by AT.

In particular, AT's HOP services, which include integrated ticketing and fares, have been affected.

Despite the cyber incident, passengers with empty HOP cards will be given leniency.

Travel using AT’s buses, ferries, and trains should continue unaffected.

AT’s website and HOP services are expected to return to normal operations early next week.

However, there is concern that AT customers’ sensitive details may have been exposed due to the nature of ransomware attacks.

AT believes that the incident is isolated to one part of their system.

They also believe that no personal or financial data has been accessed.

No major ransomware groups have claimed responsibility for the attack on AT’s systems.

In another incident, MGM Resorts, a renowned hospitality and entertainment company, has been targeted by a cyber attack.

An affiliate of the BlackCat ransomware group, also known as ALPHV, is responsible for the attack.

The group claims to have infiltrated MGM’s infrastructure and encrypted over 100 ESXi hypervisors after the company took down its internal infrastructure.

The BlackCat ransomware group has exfiltrated data from the network.

The group maintains access to some of MGM’s infrastructure.

They are threatening to launch new attacks unless a ransom is paid.

Cybersecurity researchers believe that the breach was carried out through a social engineering attack.

The threat actor responsible for the breach is being tracked by cybersecurity companies as Scattered Spider.

Scattered Spider has also breached the network of Caesars Entertainment and demanded a ransom of $30 million.

Despite the hackers’ claims, MGM Resorts has not responded through the communication channel the group provided.

MGM Resorts has shown no intention to negotiate a ransom payment.

The group claims to still have super administrator privileges on MGM’s Okta environment.

They also claim to have Global Administrator permissions to the company’s Azure tenant.

They threaten to extract and share relevant information online unless an agreement is reached with MGM.

Additionally, the group threatens to carry out additional attacks using their current access to MGM’s infrastructure.

Scattered Spider is known for using various social engineering attacks to breach corporate networks.

These attacks include impersonating help desk personnel and SIM swap attacks.

Researchers believe that Scattered Spider consists of English-speaking teenagers and young adults.

There is a connection between Scattered Spider and the Lapsus$ hacking group in terms of members and tactics.

Scattered Spider has targeted over 130 organizations to steal Okta identity credentials and 2FA codes.

The group utilizes Bring Your Own Vulnerable Driver attacks to gain elevated access on compromised devices.

Once they gain admin credentials, they can hijack single sign-on administration, destroy backups, and deploy the BlackCat/ALPHV ransomware.

Typically, the group demands million-dollar ransoms in exchange for not publishing stolen data or for providing a decryptor.

These are the detailed facts and information available regarding the cyber incidents related to Auckland Transport and MGM Resorts.

Article X-ray

This section links each of the article’s facts back to its original source.

If you have any suspicions that false information is present in the article, you can use this section to investigate where it came from.

bleepingcomputer.com
– Auckland Transport (AT) in New Zealand is experiencing a widespread outage caused by a cyber incident.
The incident has impacted a wide range of customer services provided by AT.
AT is the government-owned regional transportation authority responsible for public transport and infrastructure in the Auckland region.
The cyber incident has specifically affected AT’s HOP services, which include integrated ticketing and fares.
AT has indicated that they were targeted by ransomware, but investigations are still ongoing.
– Passengers with empty HOP cards will be given leniency, and travel using AT’s buses, ferries, and trains should continue unaffected.
– AT’s website and HOP services are expected to return to normal operations early next week.
– There is concern that AT customers’ sensitive details may have been exposed due to the nature of ransomware attacks.
AT believes that the incident is isolated to one part of their system and that no personal or financial data has been accessed.
No major ransomware groups have claimed responsibility for the attack on AT’s systems.
bleepingcomputer.com
– An affiliate of the BlackCat ransomware group, also known as ALPHV, is responsible for the attack on MGM Resorts that led to the shutdown of IT systems.
The BlackCat ransomware group claims to have infiltrated MGM’s infrastructure and encrypted over 100 ESXi hypervisors after the company took down its internal infrastructure.
The group has exfiltrated data from the network and maintains access to some of MGM’s infrastructure, threatening to launch new attacks unless a ransom is paid.
– Cybersecurity researchers believe that the breach was carried out through a social engineering attack.
The threat actor responsible for the breach is being tracked by cybersecurity companies as Scattered Spider.
– Scattered Spider has also breached the network of Caesars Entertainment and demanded a ransom of $30 million.
– MGM Resorts has not responded through the communication channel the group provided and has shown no intention to negotiate a ransom payment.
The hackers claim to still have super administrator privileges on MGM’s Okta environment and Global Administrator permissions to the company’s Azure tenant.
– BlackCat threatens to extract and share relevant information online unless an agreement is reached with MGM.
The group also threatens to carry out additional attacks using their current access to MGM’s infrastructure.
– Scattered Spider is known for using various social engineering attacks to breach corporate networks, including impersonating help desk personnel and SIM swap attacks.
– Researchers believe that Scattered Spider consists of English-speaking teenagers and young adults.
There is a connection between Scattered Spider and the Lapsus$ hacking group in terms of members and tactics.
– Scattered Spider has targeted over 130 organizations to steal Okta identity credentials and 2FA codes.
The group utilizes Bring Your Own Vulnerable Driver attacks to gain elevated access on compromised devices.
Once they gain admin credentials, they can hijack single sign-on administration, destroy backups, and deploy the BlackCat/ALPHV ransomware.
The group typically demands million-dollar ransoms in exchange for not publishing stolen data or for providing a decryptor.
