A cyber criminal gang proficient in impersonation and malware has been identified as the likely culprit for an attack that paralized networks at US casino operator MGM Resorts International.

The group, which security researchers call “Scattered Spider,” uses fraudulent phone calls to employees and help desks to “phish” for login credentials. It has targeted MGM and dozens of other Western companies with the aim of extracting ransom payments, according to two people familiar with the situation.

The operator of hotel casinos on the Las Vegas Strip, including the Bellagio, Aria, Cosmopolitan, and Excalibur, preemptively shut down large parts of its internal networks after discovering the breach on Sunday, one of the people said.