Scattered Spider Attacks - Four Arrested

British  police have made arrests for the cyber attack that caused major disruption at Marks & Spencer (M&S), the Co-op, the luxury goods store Harrods and more recently the Qantas airline. 

Four people were detained at their homes in the early hours of Thursday 10th July 2025 and their electronic devices were taken away. by the police. They were apprehended on suspicion of offences under the Computer Misuse Act, blackmail, money laundering and participating in the activities of an organised crime group. 

One of the suspects is a 19-year-old man from Latvia and the rest are from the UK. The National Crime Agency (NCA) has said that a 20-year-old woman was arrested in Staffordshire, and three males, aged between 17 and 19, were arrested in London and the West Midlands. The cyber criminals deployed ransomware affecting the company's IT networks making them unusable, unless a ransom was paid.

The chairman of M&S, Archie Norman, recently told UK Parliment MPs that it felt like the hack was aimed at business destruction and that M&S estimates it will cost £300m in lost profits. 

 M&S expects its operations to be affected until late July, with some IT systems not fully operational until October or November. The cyber attack on Harrods is though to have had less impact on its operations.

In expert comment, the CEO of HackerOne, Kara Sprague, said “When we fail to create visible, ethical pathways for curious young people with cybersecurity talent, some will take the wrong route, with life-changing consequences... Around the world, outdated laws and a lack of awareness leave too many aspiring hackers without a clear pathway to an ethical outlet for their talent. This gap harms individuals and deprives us of the talent we need in today’s threat landscape."
 
The use of AI to deploy new forms of cyber attack is lowering the barrier to entry for attackers while increasing complexity for defenders.

"Now more than ever, we need to meet the next generation of hackers where they are with programs, policies, and incentives that channel curiosity into contribution rather than criminal behaviour." Sprague concludes. 

BBC  |   MSN  |   ChronicleLive  |   NewsShopper  |   Yahoo  |   Standard  |  Guardian

Image:  Ideogram

You Might Also Read: 

Fraudsters Leverage Bots To Exploit Digital Marketing Campaigns:


If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« GitHub Exploited In Sophisticated Malware Campaign
Why Smarter Data Protection Is Now A Business Essential »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Davis Wright Tremaine (DWT)

Davis Wright Tremaine (DWT)

Davis Wright Tremaine is a full-service law firm with offices throughout the US and in Shanghai, China. Practice areas include Technology, Privacy & Security.

AML Solutions

AML Solutions

AML Solutions offer a full range of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) services.

KFSensor

KFSensor

KFSensor is an advanced 'honeypot' intrusion and insider threat detection system for Windows networks.

Israel Aerospace Industries (IAI)

Israel Aerospace Industries (IAI)

IAI offers a holistic approach that provides defense forces, governments, critical infrastructures and large enterprises with end-to-end cyber security & monitoring tools.

Cryptsoft

Cryptsoft

Cryptsoft provides key management and security software development toolkits based around open standards such as OASIS KMIP and PKCS#11.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Cyber Security Africa

Cyber Security Africa

Cyber Security Africa is a full-service Information Security Consulting firm offering a comprehensive range of Services and Products to help organizations protect their valuable assets.

iZOOlogic

iZOOlogic

iZOOlogic protects hundreds of the world’s leading brands, across banking, finance and government from cybercrime. We provide strong cyber defence solutions to protect client digital assets.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Palmchip

Palmchip

Palmchip is a Cyber Security, SOC and Software consulting company. We design and develop high performance and secure applications.

Cyber Security for Europe (CyberSec4Europe)

Cyber Security for Europe (CyberSec4Europe)

CyberSec4Europe is designing, testing and demonstrating potential governance structures for a European Cybersecurity Competence Network.

Varen Technologies

Varen Technologies

Varen Technologies is an innovative consulting partner with highly respected cyber security, analytics, Agile Software Development and IT/maintenance expertise.

ExchangeDefender

ExchangeDefender

ExchangeDefender provides cybersecurity services that secures your company email and data, and guarantees 24/7 email access.

Leaf IT

Leaf IT

Leaf IT are a pioneering cloud-first MSP, dedicated to helping businesses in the UK and Ireland. We focus on delivering tangible results for our clients through IT transformation.

Radiant Security

Radiant Security

Radiant Security offers an AI-powered security co-pilot for Security Operations Centers (SOCs). Reinforce your SOC with an AI assistant.

RapidFort

RapidFort

RapidFort’s Software Attack Surface Optimization Platform remediates 95% of software vulnerabilities in minutes without code changes.