Hackers Attack Catawba Nation’s Two Kings Casino

Cybercriminals have attacked the Catawba Nation’s Two Kings Casino, with the hackers threatening to release the facility’s blueprints unless a ransom is paid.

Catawba Nation Casino Under Attack

The hackers, who say they come from the Anubis group, have said that they will make public sensitive security details, including the locations of chip vaults and the placement of surveillance cameras. The group announced they would do this on their dark website on Wednesday. However, conflicting reports from various sources that follow cybersecurity issues show conflicting reports on whether Anubis would release those documents.

Currently, Two Kings Casino is working with outside cybersecurity consultants to investigate. In a press release, Trent Troxel, vice president of the Catawba Nation Gaming Authority, which oversees the casino, explained the situation. According to him, the team has not yet found any evidence that the casino’s network, operations, or customer data have been impacted. 

Additionally, Troxel said that the documents in question are outdated and pertain to an earlier layout of the casino. He clarified that the cyberattack did not target the current temporary casino, but rather the permanent facility under construction, which is scheduled to open early next year with a projected cost of $700 million. Troxel explained that the company takes customer data security extremely seriously and will continue to diligently investigate the case.

What Is the Anubis Group?

The group of hackers first came to mainstream attention in December of 2024. It works as a ransomware group, which is a cybercriminal organization that develops, distributes, and manages ransomware. This is a type of malicious software designed to encrypt a victim’s data or lock them out of their systems. The group then demands a ransom payment, usually in cryptocurrency, in exchange for decrypting the files or restoring access.

Anubis often uses double extortion and operates as a ransomware-as-a-service (RaaS) provider, meaning it provides third parties with the tools needed for cyber attacks. In return, the group gets paid for the use of their software. In addition, Anubis also employs multiple monetization strategies through affiliate programs, such as a data extortion affiliate program and an access monetization affiliate program.

Experts believe that the operators behind Anubis may have previously been affiliates of other ransomware groups or have experience in data extortion and ransomware activities. This assessment is based on the group’s statements about their ransomware capabilities and the detailed, well-crafted investigative articles they publish about their victims. Anubis seems to be an emerging threat, showcasing the diverse business models used by modern extortionists.