BRITISH retail giant M&S continues to be plagued by a cyberattack that has halted all online orders.
The criminals suspected to be behind the attack are known collectively as “Scattered Spider”; – one of the most prolific of the past 18 months.
While M&S has not commented on , multiple sources told BleepingComputer that Scattered Spider are responsible for the attack.
The gang specialises in ransomware – a type of attack designed to steal information or access in exchange for a sum of money.
They have been gaining a reputation for targeting large, customer-facing organisations through social engineering and identity-focused tactics.
“While they are not as well-resourced as some nation-state actors or long-established ransomware syndicates, Scattered Spider is far from “small fry,”;”; Jamie Akhtar, CEO and Co-founder at CyberSmart, told The Sun.
“Scattered Spider, also tracked as UNC3944, has become one of the most active and disruptive threat actors in the last 18 months.
“This is a group known not for sheer technical sophistication, but for their ability to manipulate access, often by impersonating employees or exploiting multi-factor authentication systems.”;
Their most high-profile hack was the attack on Caesars Entertainment and MGM Resorts in 2023, two of the largest casino and gambling companies in the US.
The attack led to large-scale outages and cost the companies tens of millions in damages.
“That incident highlighted their preference for fast, bold attacks that blend extortion with disruption characteristics that may well be mirrored in,”; explained Akhtar.
By impersonating an employee when calling the MGM Resorts IT help desk, cyber crooks were able to deploy ransomware onto the company’s servers.
These servers hosted thousands of virtual machines that supported gaming booths, online reservation systems, digital room keys and websites.
Both companies experienced days of disruption.
While customer information was also stolen, including names, contact information, date of birth, driver’s license number and for some, their social security and passport details.
If they are the group behind the M&S breach, then “it is likely that it followed a similar pattern to [the Caesars Entertainment and MGM Resorts] ransomware attack, allowing the gang to hide in their network, exfiltrate data, and steal crucial customer information,”; said James Dyer, threat intelligence lead at KnowBe4.
The British-American cybergang is believed to have been founded in 2022.
Although Scattered Spider is their most popular title, the group goes by many other names, such as Star Fraud, Muddled Libra and more.
“Scattered Spider, whilst not the worst group, definitely have the skill set to cause fall out if required,”; added Dyer.
“They have shown when they focus and deploy their assets effectively they can cause businesses to halt production.
“However, they are yet to hit the heights of LockBit or BlackCat due to their sophistication and unprecedented scale of the attacks.”;
The group has also been known to collaborate with other malicious actors, like DragonForce, RansomHub and Qilin.
The FBI, alongside the federal Cybersecurity and Infrastructure Security Agency (CISA), is closely watching the gang, alongside commercial security experts.
“We’d be silly as defenders to not consider them as a threat,”; Dyer continued.
“However, they’re well versed in this field, so being proactive and tracking this group will prove a challenge.
“They are not performing low level mistakes like using the exact same malware, and therefore their attacks will co-evolve to ensure a higher level of success when they strike again.”;
The goal of a ransomware attack is not just riches – but fame too.
Jake Moore, global cybersecurity advisor at ESET, told the Sun that the hacking of a household name could aid both the group’s reputation, and increase the chances of it being handed a ransom.
“The attack on Marks & Spencer is primarily focused on making as much money as possible whilst gaining notoriety as the shop is so entrenched in British culture and history,”; he said.
“Its popularity has made it become a headline story placing even more pressure on M&S to pay the demands.”;
