Teen Suspect in Las Vegas Casino Cyberattacks Surrenders to Police

A teenage boy believed to have played a role in the 2023 cyberattacks that crippled the two largest casino operators in Las Vegas has turned himself in, according to the Las Vegas Metropolitan Police Department (LVMPD). Authorities confirmed that the suspect, whose identity is being withheld because he is a minor, is now being held at the Clark County Juvenile Detention Center.

He is facing six felony counts, including three charges of obtaining and using personal identifying information to harm or impersonate another person, one charge of extortion, one charge of conspiracy to commit extortion, and one charge of unlawful acts regarding computers. Prosecutors from the Clark County District Attorney’s Office are seeking to transfer the case to the adult criminal division, which would allow the teenager to face these charges as an adult.

The arrest is the latest development in a broader investigation conducted by the FBI’s Las Vegas Cyber Task Force, which includes LVMPD cybercrime specialists. In November 2024, federal prosecutors indicted four young men, aged between 20 and 23, in connection with related cyberattacks, though those charges were not specifically tied to the incidents at MGM Resorts International and Caesars Entertainment.

In its most recent statement, LVMPD avoided naming MGM or Caesars directly, referring instead to “multiple Las Vegas casino properties” that were targeted during the period between August and October 2023.

Cybersecurity experts have linked the attacks to Scattered Spider, a loosely organized hacker collective that also goes by the aliases Octo Tempest, UNC3944, and 0ktapus3. The group has been associated with several high-profile ransomware campaigns over the past two years.

The fallout from the attacks was starkly different for the two companies. MGM Resorts International refused to pay a ransom, a decision that reportedly cost the operator about $100 million in damages and led to roughly 10 days of system outages, affecting slot machines, room keys, reservation systems, and company websites. Caesars Entertainment, on the other hand, was reported by the Wall Street Journal to have paid $15 million of a $30 million ransom demand, resulting in significantly less operational disruption.

By fLEXI tEAM