While details are still scarce, prior research points to that once the breach of the casinos was made, the threat group Scattered Spider exploited a vulnerable kernel-mode driver to gain high-level access to Windows privileges.
Article Link: Tactics of MGM-Caesars attackers were known for several months | SC Media