Scattered Spider Hackers Get Busy

Hackers associated with the group known as Scattered Spider are currently engaged in a wave of cyber-attacks that have affected some of the UK’s most prominent retailers, including Marks & Spencer, the Co-op, and Harrods. Cybersecurity experts warn that the same threat is now extending across the Atlantic, targeting retailers in the United States as well.

Google’s cybersecurity division, Mandiant, has confirmed that this pattern of attacks has shifted seamlessly from the UK into the US, consistent with the modus operandi of Scattered Spider assailants.

The group is believed to be behind the recent breaches, which have seen personal data stolen from affected organisations.

Data Breaches & Personal Information Compromised

Marks & Spencer (M&S) recently notified staff that some personal information may have been compromised during the attack, with email addresses and full names believed to be amongst the data stolen. Later disclosures revealed that thousands of customers’ personal information had also been accessed by the hackers, further underscoring the scope and severity of these breaches.

The Tactics Of Scattered Spider

The National Cyber Security Centre (NCSC) issued an advisory warning businesses across the UK to remain vigilant. The agency highlighted specific tactics employed by Scattered Spider, notably an approach where attackers call IT help desks pretending to be employees or contractors to obtain system access.

“These cyber threats, including extortion and ransomware, are among the most prevalent risks facing UK organisations today,” the NCSC warned. Their guidance urges companies to scrutinise how their help desks manage password resets, as this remains a common entry point exploited by cybercriminals.

About Scattered Spider

Unlike many ransomware groups traditionally linked to Russian and former Soviet states, Scattered Spider is characterised by its composition of native English speakers from countries such as the UK, US, and Canada. The gang does not operate as a formal, homogeneous group, and its members use a variety of hacking techniques.

The primary goal of ransomware gangs like Scattered Spider is to infect organisations' systems with malicious software that encrypts files. The attackers then demand payment in exchange for the decryption keys, often leading to significant data loss and operational disruption.

Challenges For Law Enforcement

Law enforcement agencies have found it difficult to track down and combat Scattered Spider. The group's amorphous structure, youthful membership, and the lack of cooperation from victims have hampered efforts to curtail their activities. 

Given their sophisticated social engineering tactics and dispersed structure, analysts warn that these cyber-attacks could continue to grow in frequency and intensity, especially with the increasing value of retail and consumer data.

The Growing Threat

With the retail sector increasingly targeted by cybercriminals, the importance of robust security measures becomes evident. The NCSC emphasises that cyber threats are opportunistic and indiscriminate, affecting businesses of all sizes - no organisation is immune to the risks posed by groups like Scattered Spider.

As these attacks expand into the US market, both UK and international companies are advised to reinforce their cybersecurity protocols to prevent becoming the next victim of this rising threat.

Google   |   NCSC  |   TechDigest  |   The Record  |   Guardian  |   MSN  

Image: Ideogram
