A 17-year-old arrested by British police Thursday is believed to be a member of the cybercriminal gang behind last year’s ransomware attack on MGM Resorts and a number of other major companies.
The unidentified boy was released on bail as the investigation, which includes examination of a number of digital devices, continues, police said in a statement. The arrest was part of a global investigation “into a large-scale cyber hacking community,” the West Midlands Police said.
The West Midlands Regional Organised Crime Unit worked with the U.K.’s National Crime Agency and the FBI to make the arrest in Walsall, a town about nine miles northwest of Birmingham.
The statement did not include details about the boy or his alleged role in the Las Vegas attacks. The global entertainment and casino company determined it had been attacked on Sept. 29, 2023, and said in an October 2023 Securities and Exchange Commission filing that the attack cost the company more than $100 million in direct and indirect costs.
The FBI referred questions about the suspect to the West Midlands Police, who declined to comment on an ongoing investigation.
The arrest of the unidentified boy is the latest in a string of law enforcement moves targeting a dispersed and nebulous cybercriminal ecosystem known as “the Com,” which includes various, sometimes rival subgroups that cooperate on aspects of criminal operations.
Industry researchers track the group’s activity under the “Scattered Spider” moniker and terms such as Octo Tempest, 0ktapus, Scatter Swine or Muddled Libra.
Last month, Spanish authorities arrested Tyler Buchanan, a 22-year-old British man with ties to the Com. Researchers say Buchanan was an active sim-swapper and is tied to a 2022 Com-related phishing campaign that harvested nearly 10,000 login credentials related to more than 130 companies.
In January, federal authorities arrested 19-year-old Noah Michael Urban in Florida for his alleged role in stealing at least $800,000 from at least five different victims as part of a cybercriminal operation in 2022 and 2023. Urban — who went by “Sosa,” “Elijah,” “King Bob,” and “Anthony Ramirez” online — was part of the group with Buchanan, a researcher familiar told CyberScoop after Buchanan’s arrest.
“These cyber groups have targeted well-known organizations with ransomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money,” Detective Inspector Hinesh Mehta of the West Midlands Cyber Crime Unit said in the statement.
MGM Resorts did not respond to a request for comment Monday. But in the West Midlands statement, MGM said it was “proud to have assisted law enforcement in locating and arresting one of the alleged criminals responsible for the cyber attack against MGM Resorts and many others.”
Ransomware attacks connected to the Com include the use of ransomware variants such as RansomHub and Qilin, Microsoft Threat Intelligence reported July 15. The group had previously used the ALPHV/BlackCat ransomware, including in the MGM Resorts attack.
Multiple teams at Microsoft, including the company’s Digital Crimes Unit, provided information that helped lead to last week’s arrest, the company told CyberScoop.
Updated July 23, 2024: This story has been updated to include a response from the West Midlands Police.