
'Aggressive' Hackers of UK Retailers Are Now Targeting US Stores, Says Google (theguardian.com) 9

Google has warned that the hacker group known as "Scattered Spider," which recently disrupted UK retailer Marks & Spencer, is now targeting U.S. retailers with aggressive and sophisticated cyberattacks. "U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs," John Hultquist, an analyst at Google's cybersecurity arm, said in an email sent on Wednesday. The Guardian reports: Scattered Spider is widely reported to have been behind the particularly disruptive hack at M&S, one of the best-known names in British business, whose online operations have been frozen since 25 April. It has a history of focusing on a single sector at a time and is likely to target retail for a while longer, Hultquist said. Just a day before Google's warning, M&S announced that some customer data had been accessed, but this did not include usable payment or card details, or any account passwords. The Guardian understands the details taken are names, addresses and order histories. M&S said personal information had been accessed because of the "sophisticated nature of the incident."

"Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken," the company said. Hackers from the Scattered Spider ecosystem have been behind a slew of disruptive break-ins on both sides of the Atlantic. In 2023, hackers tied to the group made headlines for hacking the casino operators MGM Resorts International and Caesars Entertainment. Law enforcement has struggled to get a handle on the Scattered Spider hacking groups, in part because of their amorphousness, the hackers' youth, and a lack of cooperation from cybercrime victims.

  • by Anonymous Coward

    Hackers of Unusual Aggressiveness

  • These are the same companies that lied about theft being a huge problem so they could have mass layoffs without the blowback. If they fall victim then it's because they didn't invest in security because profit was more important than anything else. Fuck 'em.

  • Someone with full admin to the company's Active Directory clicked on a malicious WebLink.
  • Why do the UK Retailers have hackers? :)
  • by mjwx ( 966435 ) on Thursday May 15, 2025 @09:07AM (#65378389)
    Marks and Spencer wasn't the only retailer they hit, they also breached smaller UK retailer The Co-operative Group, branded Co-Op. However Co-Op caught the breach in progress and deliberately cut themselves off. Thus they were able to get back into production much faster. Still caused days of delays in logistics leading to empty shelves at local Co-Op stores which is bad because for some smaller villages, it's the only store in town.

    The hacking group sent a nastygram to the BBC claiming they were in the Co-Op's systems for some time.

    This is also why I refuse to be a member of any store loyalty program. I've bought more than a few things from M&S (and probably get something from a Co-Op on a weekly basis) but the hackers won't have any details on me as I've always checked out at M&S as a guest and never signed up for a loyalty card. In fact I avoid stores that have two tier pricing (in other words, overcharge people who aren't members).

    If you were a member of the M&S loyalty program, this is what the hackers now know about you:
    - Name.
    - Home Address.
    - Email Address.
    - Phone Number.
    - Date of Birth.
    - Order History.
    - Household details (other members, any details you've given for delivery, et al)

    You can also bet that a lot of people reused their password for other accounts with the same email.
