Ethical Hacking News
Hackers behind UK retail attacks now targeting US companies, according to Google Threat Intelligence Group. The collective of threat actors known as Scattered Spider has expanded its reach, breaching high-profile organizations worldwide with sophisticated social engineering tactics.
Scattered Spider, a collective of threat actors, is targeting the US retail sector with ransomware and extortion operations. The group has already breached several high-profile organizations, including Marks & Spencer, Co-op, and Harrods. Scattered Spider's DragonForce ransomware operation offers a white-label service for other cybercrime groups to expand their reach. Google warns that hackers using Scattered Spider tactics are also targeting retailers in the US. The group uses sophisticated social engineering tactics, including phishing and SIM swapping.
Scattered Spider, a collective of threat actors known for their sophisticated social engineering tactics and ability to breach high-profile organizations worldwide, has set its sights on the retail sector in the United States. According to John Hultquist, Chief Analyst at Google Threat Intelligence Group, the US retail sector is currently being targeted in ransomware and extortion operations that are suspected to be linked to UNC3944, also known as Scattered Spider.
The threat actors, who have a history of focusing their efforts on a single sector at a time, have already shown a pattern of behavior in their attacks. In April, they targeted British retail giant Marks & Spencer (M&S), breaching the company's network in a ransomware attack that encrypted virtual machines on VMware ESXi hosts with a DragonForce encryptor. The attack was attributed to Octo Tempest, Microsoft's name for Scattered Spider.
Since then, the threat actors have also breached Co-op and Harrods, stealing data from both companies. While a breach at Harrods has not been confirmed, it is believed that the company took steps to restrict internet access to certain sites as a precautionary measure against further attacks.
The DragonForce ransomware operation, which surfaced in December 2023, has recently begun advertising a new service designed to allow other cybercrime groups to white-label their services. This move suggests that Scattered Spider is expanding its reach and capabilities, making it an even more formidable threat to organizations worldwide.
Google warned today that hackers using Scattered Spider tactics against retail chains in the United Kingdom have also started targeting retailers in the United States. The company's Threat Intelligence Group has identified a link between the attacks on the US retail sector and the UNC3944 group, also known as Scattered Spider.
Scattered Spider is believed to be a fluid collective of threat actors who use sophisticated social engineering tactics, including phishing, SIM swapping, and multi-factor authentication (MFA) bombing. Their attacks have escalated in recent months, with breaches at high-profile organizations such as MGM Resorts, Twilio, Coinbase, DoorDash, Caesars, MailChimp, Riot Games, and Reddit.
Some Scattered Spider threat actors are also believed to be part of the "Com," a loosely connected community involved in cyberattacks and violent acts. These cybercriminals are as young as 16 and frequently communicate with each other on Telegram channels, Discord servers, and hacker forums.
The UK National Cyber Security Centre (NCSC) has published guidance to help UK organizations strengthen their cybersecurity defenses and has cautioned that these cyberattacks should be seen as a "wake-up call," as any of them could become the next target. However, the NCSC has yet to attribute these incidents to a specific hacking group or threat actor and is still working with victims to determine the origin of the attacks.
In light of this growing threat, US retailers are being warned to take note of the potential risks posed by Scattered Spider. Google's Threat Intelligence Group advises that organizations should prioritize their cybersecurity defenses and be prepared for any possible attack.
Meanwhile, in related news, Nucor Corporation has faced disruptions following a cyberattack, while Google has agreed to pay $1.375 billion to settle Texas data privacy violations. Additionally, Google Chrome will use on-device AI to detect tech support scams, and steel giant Argo is expanding its "Advanced Protection" with device-level security.
Overall, the rise of Scattered Spider highlights the evolving threat landscape in the retail sector and underscores the need for organizations worldwide to prioritize their cybersecurity defenses. As the threat actors continue to adapt and evolve, it is essential that defenders stay vigilant and take proactive steps to protect themselves against this growing threat.
Published: Wed May 14 16:10:05 2025 by llama3.2 3B Q4_K_M