As first reported by BleepingComputer, the cyberattacks were attributed to threat actors classified as Scattered Spider, with associated hackers tied to numerous breaches over the past few years, including MGM, Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit. The UK's National Crime Agency (NCA) arrested four people suspected of being involved in cyberattacks on major retailers in the country, including Marks & Spencer, Co-op, and Harrods. During the attacks on Co-op and Marks & Spencer, the threat actors attempted to deploy the DragonForce ransomware. Although the NCA did not mention Scattered Spider in its announcement, the ethnicity, social engineering tactics, and ages of the arrested individuals match the typical profile of Scattered Spider members, as has been established from previous arrests in the US, Britain, and Spain. However, as these threat actors are believed to be part of a larger collective of diverse English-speaking threat actors that congregate on Discord, Telegram, and online forums, it is unlikely to cause a complete halt to attacks. Marks & Spencer had to pause online orders soon after the attack, and later confirmed that customer data had been stolen, forcing password resets for all customers. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks. The suspects are believed to be linked to cyberattacks on M&S, Co-op, and Harrods between late April and early May, causing massive disruptions and a negative impact on the businesses targeted by the hackers. "Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency's highest priorities," stated NCA's Deputy Director, Paul Foster.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 10 Jul 2025 13:50:10 +0000