However, BleepingComputer has learned that both the M&S and Co-op attacks have been attributed to hackers utilizing tactics commonly associated with Scattered Spider, Lapsus$, and other threat actors who frequent the same Telegram channels, Discord servers, and hacking forums. The attacks on both Marks & Spencer and Co-op started with threat actors impersonating employees while contacting the company's IT help desk staff. Following three high-profile cyberattacks impacting major UK retailers, the country's National Cyber Security Centre (NCSC) has published guidance that all companies are advised to follow to strengthen their cybersecurity defenses. All three breaches were claimed by the DragonForce operation, with BleepingComputer learning that the threat actors utilized the same social engineering attack to breach both M&S and Co-op. The cybersecurity breaches that prompted NCSC's alert are the recent hacks at Marks & Spencer, Co-op, and Harrods, all multi-million British retailers. NCSC's security advisory comes shortly after the agency warned that these attacks should be taken as a "wake-up call" by all large businesses in the country, as they could be the next target in the hackers' crosshairs. Cybersecurity experts Kevin Beaumont and Will Thomas, who have both been tracking these attacks, have also shared tips on detecting and blocking these types of threat actors. "Review helpdesk password reset processes, including how the helpdesk authenticates staff members credentials before resetting passwords, especially those with escalated privileges," advised the NCSC. The attacks started with M&S, which suffered a DragonForce ransomware attack that utilized tactics associated with Scattered Spider. This is why the NCSC recommends that all companies review their help desk process to detect and block these types of breaches. Bill Toulas Bill Toulas is a tech writer and infosec news reporter with over a decade of experience working on various online publications, covering open-source, Linux, malware, data breach incidents, and hacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 05 May 2025 15:20:08 +0000