It’s clear that what MGM has called a “cybersecurity issue” will be extremely costly.
“VX-Underground is a researcher that absolutely knows cybersecurity.” “VX-Underground is well respected in the cybersecurity community and often talks with threat actors,” says Martin Zugec, technical solutions director at Bitdefender, a multinational cybersecurity firm. While ALPHV’s responsibility for the attack has not been verified, cybersecurity experts say VX-Underground is a reliable source.
The FBI confirmed it was involved in the ongoing investigation. Neither MGM nor the FBI has publicly characterized the nature of the breach, and MGM has not responded to Forbes’ multiple requests for comment. In April 2022, CISA, America’s cyber defense agency, issued an alert based on an FBI flash report on ALPHV, noting the criminal group had “compromised at least 60 entities worldwide.”
ALPHV is an extremely well-known black-hat actor in the cybersecurity industry, thought to be responsible for attacks against Reddit and Western Digital, among others.