Scattered Spider (UNC3944) used LinkedIn to identify MGM employee, called IT helpdesk impersonating them to get Okta/Azure admin access. Waited 2 days then launched ransomware against 100+ ESXi hypervisors on Sept 11. Slot machines, digital room keys, reservation systems offline for ~10 days. ALPHV/BlackCat claimed 6TB data exfiltrated. MGM refused to pay. $100M Q3 2023 loss. Customer PII including SSNs exposed. Five Scattered Spider members charged in 2024.