UK-Based Hackers Linked to Scattered Spider Group Facilitating Cyber-Attacks

Google’s cybersecurity experts have warned that a group of hackers, known as Scattered Spider, are actively facilitating cyber-attacks on US retailers.

The threat, which initially targeted British retailers such as Marks & Spencer, the Co-op, and Harrods, has now shifted to the US.

According to Charles Carmakal, chief technology officer at Google’s Mandiant cybersecurity unit, Scattered Spider hackers tend to focus on a particular industry sector and geography for a few weeks before moving on to something else. “They start in the UK, and now they’ve shifted to US organisations,” he said.

Carmakal revealed that UK members of Scattered Spider are facilitating and contributing to intrusions, without specifically naming the victims.

The group’s tactics have prompted the National Cyber Security Agency to warn companies to look out for specific techniques, including hackers ringing up IT help desks and pretending to be employees or contractors in order to gain access to company systems.

“What we’re seeing is they’re making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,” said Carmakal. He added that the task of ringing up helpdesks is sometimes carried out by younger members of the Scattered Spider network, who are paid to make a few hundred dollars.

Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US, and Canada. Carmakal has listened to “countless calls” that Scattered Spider hackers have made to company employees, including extortion and harassment attempts.

The warning comes as French luxury brand Dior revealed that an “unauthorised external party” had accessed some customer data. While the scale of the breach and the identity of the attacker remain unclear, no payment information was taken.

Google’s cybersecurity specialists have said that the US retail sector is currently being targeted in ransomware and extortion operations linked to Scattered Spider.

“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term,” said John Hultquist, chief analyst at Google Threat Intelligence Group. “US retailers should take note.”