Scattered Spider Hackers Get Busy

Hackers associated with the group known as Scattered Spider are currently engaged in a wave of cyber-attacks that have affected some of the UK’s most prominent retailers, including Marks & Spencer, the Co-op, and Harrods. Cybersecurity experts warn that the same threat is now extending across the Atlantic, targeting retailers in the United States as well.

Google’s cybersecurity division, Mandiant, has confirmed that this pattern of attacks has shifted seamlessly from the UK into the US, consistent with the modus operandi of Scattered Spider assailants.

The group is believed to be behind the recent breaches, which have seen personal data stolen from affected organisations.

Data Breaches & Personal Information Compromised

Marks & Spencer (M&S) recently notified staff that some personal information may have been compromised during the attack, with email addresses and full names believed to be amongst the data stolen. Later disclosures revealed that thousands of customers’ personal information had also been accessed by the hackers, further underscoring the scope and severity of these breaches.

The Tactics Of Scattered Spider

The National Cyber Security Centre (NCSC) issued an advisory warning businesses across the UK to remain vigilant. The agency highlighted specific tactics employed by Scattered Spider, notably an approach where attackers call IT help desks pretending to be employees or contractors to obtain system access.

“These cyber threats, including extortion and ransomware, are among the most prevalent risks facing UK organisations today,” the NCSC warned. Their guidance urges companies to scrutinise how their help desks manage password resets, as this remains a common entry point exploited by cybercriminals.

About Scattered Spider

Unlike many ransomware groups traditionally linked to Russian and former Soviet states, Scattered Spider is characterised by its composition of native English speakers from countries such as the UK, US, and Canada. Rather than operating as a formal, homogeneous group, the gang is a loose collective whose members use a variety of hacking techniques.

The primary goal of ransomware gangs like Scattered Spider is to infect organisations' systems with malicious software that encrypts files. The attackers then demand payment in exchange for the decryption keys, often leading to significant data loss and operational disruption.

Challenges For Law Enforcement

Law enforcement agencies have found it difficult to track down and combat Scattered Spider. The group's amorphous structure, youthful membership, and the lack of cooperation from victims have hampered efforts to curtail their activities. 

Given their sophisticated social engineering tactics and dispersed structure, analysts warn that these cyber-attacks could continue to grow in frequency and intensity, especially with the increasing value of retail and consumer data.

The Growing Threat

With the retail sector increasingly targeted by cybercriminals, the importance of robust security measures becomes evident. The NCSC emphasises that cyber threats are opportunistic and indiscriminate, affecting businesses of all sizes - no organisation is immune to the risks posed by groups like Scattered Spider.

As these attacks expand into the US market, both UK and international companies are advised to reinforce their cybersecurity protocols to prevent becoming the next victim of this rising threat.

Google   |   NCSC  |   TechDigest  |   The Record  |   Guardian  |   MSN  
