CyberSecurityBoard
Sponsor Register Login

Hackers behind UK retail attacks now targeting US companies

Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated social engineering attacks that also involve phishing, SIM swapping, multi-factor authentication (MFA) bombing (also known as targeted MFA fatigue). The DragonForce ransomware operation ​​​​​has claimed all three attacks, and BleepingComputer has learned that the attackers who orchestrated them have used the same social engineering tactics linked to Scattered Spider threat actors. "The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider," John Hultquist, Chief Analyst at Google Threat Intelligence Group, told BleepingComputer. Although news outlets and security researchers frequently use "Scattered Spider" to describe this collective as a cohesive gang, it refers to a loosely-knit group of threat actors who use specific tactics during their attacks, making it challenging to track their activities. As first reported by BleepingComputer, British retail giant Marks & Spencer (M&S) was first breached in a ransomware attack where threat actors encrypted virtual machines on VMware ESXi hosts with a DragonForce encryptor. Since Scattered Spider started targeting UK retailers in April, the UK National Cyber Security Centre (NCSC) has published guidance to help UK organizations strengthen their cybersecurity defenses and has also cautioned that these cyberattacks should be seen as a "wake-up call", as any of them could become the next target. Some Scattered Spider threat actors are also believed to be part of the "Com," a loosely connected community involved in cyberattacks and violent acts that have often attracted media attention. Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. Other attacks linked to Scattered Spider include those on Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 14 May 2025 19:40:03 +0000


Cyber News related to Hackers behind UK retail attacks now targeting US companies

The year of Mega Ransomware attacks with unprecedented impact on global organizations - A Staggering 1 in every 10 organizations worldwide hit by attempted Ransomware attacks in 2023, surging 33% from previous year, when 1 in every 13 organisations received ransomware attacks Throughout 2023, organizations around the world have each ...
1 year ago Blog.checkpoint.com
Hackers behind UK retail attacks now targeting US companies - Scattered Spider (also tracked as 0ktapus, UNC3944, Scatter Swine, Starfraud, and Muddled Libra) is a term used to describe a fluid collective of threat actors known for breaching many high-profile organizations worldwide in sophisticated ...
1 month ago Bleepingcomputer.com Scattered Spider Dragonforce
How MailChimp's Security Breach Caused By Social Engineering Proves That Every Company Should Be Precise with Their Security Policies - A recent security breach at the popular email marketing service MailChimp suggests that the company has fallen victim to a social engineering attack. With the latest incident, there’s an important lesson for all companies—no matter how robust ...
2 years ago Grahamcluley.com
Cybersecurity funding in 2024: Survival of the financially fittest - Attacker tactics, techniques, and procedures always evolve, which means companies will need new cybersecurity tools with improved capabilities. Cybersecurity startups raised massive rounds of funding with sometimes exorbitant valuations. ...
1 year ago Scmagazine.com
Major Retail Chains Suffer Data Breaches Amid Rising Cyber Threats to Consumer Trust - These incidents, occurring amid a 52% year-over-year rise in retail cyber vulnerabilities according to a 2025 survey, highlight the escalating risks facing an industry that processes billions of sensitive customer transactions annually. At M&S, ...
1 month ago Cybersecuritynews.com Hunters Scattered Spider
Navigating Retail Disruption: Maximize Customer Centricity and Business Performance with Observability - Cisco Full-Stack Observability solutions help optimize and secure the applications that underpinonline and in-store experiences from the customer to the warehouse to economies of scale. Retailers can become more customer centric by taking action that ...
1 year ago Feedpress.me
Google says hackers behind UK retail cyber campaign now also targeting US | The Record from Recorded Future News - Scattered Spider is the name used to track a loosely affiliated cybercriminal group previously described by the FBI as an offshoot of a larger criminal subculture calling itself “the Community,” or “the Com.” While Google suspects links ...
1 month ago Therecord.media Scattered Spider Dragonforce
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Digital Technologies Power Global Operations but Present Growing Risks - As more and more industries and businesses turn to digital technologies in order to power their operations, cyber-attacks present a larger and more widespread threat for organizations and enterprises all over the world. The frequency and severity of ...
1 year ago Cyberdefensemagazine.com
FBI warns of gift card fraud ring targeting retail companies - The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. Tracked as Storm-0539, this hacking group ...
1 year ago Bleepingcomputer.com
SecurityWeek Analysis: Over 450 Cybersecurity M&A Deals Announced in 2022 - MSSPs took the lead in cybersecurity M&A in 2022 with twice as many deals as in 2021. An analysis conducted by SecurityWeek shows that more than 450 cybersecurity-related mergers and acquisitions were announced in 2022. In 2022, we tracked a total of ...
2 years ago Securityweek.com
Why Have Big Cybersecurity Hacks Surged in 2023? - Payments made to hackers who hold systems hostage for ransom increased by almost half through September, according to blockchain analytics firm Chainalysis Inc., totaling almost $500 million in payouts. In just the past few months, hackers have ...
1 year ago Bloomberg.com LockBit
Holiday Hackers: How to Safeguard Your Service Desk - Hackers really don't take holidays, but they will take advantage of them. Many of these cyberattacks will zero in on the service or help desk to gain entry into network systems. Recovering accounts because of forgotten passwords is one of the ...
1 year ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
CVE-2018-2888 - Vulnerability in the MICROS Retail-J component of Oracle Retail Applications (subcomponent: Back Office). Supported versions that are affected are 10.2.x, 11.0.x, 12.0.x, 12.1.x, 12.1.1.x,12.1.2.x and 13.1.x. Difficult to exploit vulnerability allows ...
5 years ago
CVE-2018-2876 - Vulnerability in the Oracle Retail Integration Bus component of Oracle Retail Applications (subcomponent: RIB Kernal(Apache Commons Collections)). The supported version that is affected is 13.2. Easily exploitable vulnerability allows unauthenticated ...
5 years ago
Worried about job security, cyber teams hide security incidents - Between a growing talent shortage, alert fatigue, and new sophisticated attack methods, companies are more susceptible than ever. The research reveals that 40% of cyber teams have not reported a cyber incident out of fear of losing their jobs - a ...
1 year ago Helpnetsecurity.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com
The Drive Behind AI Companies Developing Their Own Processors: Safeguarding Data Security - One notable trend gaining traction within the AI industry is the development of custom processors tailored specifically for AI applications. This shift is not solely driven by performance optimization but also by the paramount importance of data ...
1 year ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)