Scattered Spider Hacking Group Is Behind The Attack On M&S

The chaotic problems at British retail giant Marks & Spencer (M&S) are being caused by a ransomware attack believed to have been conducted by the threat actors known as Scattered Spider. M&S is a British multinational retailer that employs 64,000 people and sells various products, including clothing, food, and home goods, in over 1,400 stores worldwide.

The retailer is dealing with some major issues, with empty shelves not replenished and delays to its online shopping services.

Scattered Spider is known for its ability to target large multisite companies and breach their data. Since the attack commenced last weekend, more than £700 million has been wiped off M&S's stock market valuation.

Shoppers are still able to browse online and shop in M&S’s physical stores using cash or cards, but some major problems continue in stores, with gift cards not currently being accepted. Returning goods is only possible in clothing and homeware stores or via post. Food stores are not currently able to accept returns.

Scattered Spider, also known as 0ktapus, Starfraud, Scatter Swine and Muddled Libra, is a classification of threat actors that are adept at using social engineering attacks, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access to large organisations.

Scattered Spider members have typically engaged in data theft for extortion and have been known to use BlackCat ransomware.

This hacking group is based in the UK and US and includes members as young as 16, with a range of skills. The group began with financial fraud and social media hacking, but now steals cryptocurrency and hacks company data in extortion attacks. Some Scattered Spider members are thought to be part of The Comm, a group involved in high-profile cyber incidents, and their use of different individuals for each attack makes them difficult to track.

One of Scattered Spider's biggest exploits was at the gaming giant MGM Resorts International in September 2023, when guests reported difficulty accessing rooms and using casino games. MGM, which operates over 30 hotel and gaming venues around the world, was alerted to a potential hack when Scattered Spider brought MGM systems to a halt after they gained access to the company's management systems and were able to deploy ransomware.

MGM confirmed that, in that exploit, some customers' personal data was stolen, including names, dates of birth and driving license numbers. In some cases, social security numbers and passport numbers were also involved.

It is not known to what extent the attack on M&S might have compromised customer data and, if it has, there is a legal requirement for the affected organisation to report this to the UK Information Commissioner's Office (ICO) under the 2018 UK Data Protection Act.

ITV   |   Bleeping Computer   |   Drapers   |   The Times   |  Guardian  |   BBC 
