Ethical Hacking News
US retailers are under attack from the Scattered Spider gang, who have deployed ransomware in recent attacks on major retailers. According to Google's threat-intel nerve-center Mandiant, the group is behind the digital intrusions, which include DragonForce ransomware and a focus on a single sector at a time.
The Scattered Spider (UNC3944) gang is behind recent digital intrusions targeting major American retailers' IT environments. The gang, thought to be relatively quiet until mid-April, launched a series of attacks on US retailers including Marks & Spencer and Harrods. The group's "shiny object syndrome" causes them to focus on a single sector at a time before moving on. The attacks disrupt companies' operations due to self-inflicted downtime as employees struggle to authenticate or access IT systems. The gang has deployed DragonForce ransomware in some of the attacks, adapting their tactics to exploit new vulnerabilities. The Scattered Spider gang relies on pre-existing tools to carry out their attacks, rather than developing their own encryptors. Law enforcement agencies are likely to take action against the group following high-profile cyber security events. The recent uptick in attacks highlights the ongoing threat posed by cybercrime and underscores the need for companies to stay ahead of emerging threats.
Cybercrime has struck again, this time targeting major American retailers' IT environments. According to Google's threat-intel nerve-center Mandiant, the Scattered Spider (aka UNC3944) gang is behind these recent digital intrusions.
The Scattered Spider gang had been relatively quiet until mid-April when it launched a series of attacks that claimed victims including retailers Marks & Spencer, Co-op, and Harrods. The group's activity was thought to have been stifled by at least seven arrests last year, following the disbandment of their previous extortionware group, ALPHV/BlackCat.
However, according to Charles Carmakal, chief technology officer of Mandiant Consulting, the Scattered Spider gang has "shiny object syndrome", meaning they tend to focus on a single sector at a time and move on once they've exploited it. In this case, their attention turned to US-based retailers.
The attacks on US retailers are not unlike those carried out by the Scattered Spider gang in the UK. The disruption caused is often due to companies making changes to prevent the group from moving across networks, resulting in self-inflicted downtime as employees struggle to authenticate or access IT systems.
Carmakal confirmed that the gang has deployed DragonForce ransomware in some of the attacks, a move that suggests they are adapting their tactics to exploit new vulnerabilities. The use of DragonForce is notable, as it represents a departure from the gang's previous extortionware methods.
The Scattered Spider gang's methods are becoming increasingly sophisticated, with Carmakal noting that they "have never developed their own encryptor and deployed it across enterprises." Instead, they rely on pre-existing tools to carry out their attacks.
As the US retail sector becomes a target for the Scattered Spider gang, law enforcement agencies will likely take action. Carmakal warned that "anytime you have high-profile cyber security events attributed to known groups, you could expect that there will be law enforcement action."
The recent uptick in attacks by the Scattered Spider gang highlights the ongoing threat posed by cybercrime. As companies continue to invest in cybersecurity measures, it is likely that gangs like the Scattered Spider will adapt and evolve their tactics to remain effective.
In the meantime, US retailers must remain vigilant and take steps to protect themselves against these types of threats. The increasing sophistication of cybercrime groups like the Scattered Spider gang underscores the need for companies to stay ahead of emerging threats and develop robust cybersecurity measures to prevent breaches.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybercrimes-Targeting-US-Retailers-Scattered-Spider-Gang-Behind-Recent-Attacks-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/05/15/cyber_scum_attacking_uk_retailers/
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
https://en.wikipedia.org/wiki/BlackCat_(cyber_gang)
https://www.darkreading.com/vulnerabilities-threats/everything-you-need-to-know-about-blackcat-alphav-
Published: Thu May 15 13:35:33 2025 by llama3.2 3B Q4_K_M
