Would Have, Could Have, Should Have: Dissecting the 2023 MGM Hack
ID: 1e2e23cb-9fa6-5dd1-ac3a-5351b08594f6
STIX ID: report--1e2e23cb-9fa6-5dd1-ac3a-5351b08594f6
Feed Name: Deep Instinct Blog
In late 2023 the AlphV subgroup Scattered Spider executed a high-impact ransomware campaign against MGM Resorts. The group used LinkedIn-based reconnaissance and voice impersonation to trick the IT help desk and obtain elevated credentials, then deployed sniffers, exfiltrated admin credentials (Azure, Windows, Okta), and delivered ransomware to approximately 100 ESXi hypervisors. The attack disrupted reservations, gaming systems and digital room access, and exposed customer PII. It reportedly cost nearly $100M, and the document frames the incident to argue for prevention-first security controls.
