Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Marks & Spencer Confirms Sophisticated Social Engineering Attack Led to Massive Ransomware Attack



Marks & Spencer has confirmed that a sophisticated social engineering attack led to its network being breached, resulting in a massive ransomware attack. The company attributed the breach to the DragonForce gang and revealed that approximately 150GB of data were stolen during the attack. This incident highlights the growing concern over the use of social engineering tactics in cyberattacks and underscores the need for greater awareness and vigilance across the retail sector.


  • Marks & Spencer (M&S) was breached through a sophisticated social engineering attack.
  • The attack occurred on April 17th, using a "sophisticated impersonation attack," and involved a third-party entity to compromise the network.
  • Approximately 150GB of data were stolen in the ransomware attack attributed to the DragonForce gang.
  • M&S took a hands-off approach with the threat actors, opting for professional help instead of engaging directly.
  • The implications of this attack highlight the need for greater awareness and vigilance across the retail sector in the UK.
  • The involvement of Scattered Spider underscores the growing concern over evolving tactics, techniques, and procedures (TTPs) employed by ransomware gangs.



  • In a shocking revelation, Marks & Spencer (M&S) has confirmed that a sophisticated social engineering attack led to the company's network being breached, resulting in a massive ransomware attack. The confirmation was made by Archie Norman, the chairman of M&S, during a hearing with the UK Parliament's Business and Trade Sub-Committee on Economic Security. This development marks a significant escalation in the growing concern over the use of social engineering tactics in cyberattacks.

    According to Norman, the initial breach occurred on April 17th through a "sophisticated impersonation attack." The threat actors, who were able to trick M&S into resetting an employee's password, employed a third-party entity to further compromise the network. This brazen tactic highlights the importance of employees' vigilance in preventing such attacks.

    The subsequent ransomware attack, attributed to the notorious DragonForce gang, resulted in significant damage to M&S' network. The company was forced to shut down all systems to prevent the spread of the attack, but unfortunately, it was too late, and approximately 150GB of data were stolen. This is a stark reminder of the devastating consequences that can result from such attacks.

    The DragonForce ransomware operation employs a double-extortion tactic, which involves not only encrypting devices but also stealing data and threatening to publish it if a ransom is not paid. In this case, M&S reportedly took a hands-off approach when dealing with the threat actors, opting instead to leave the matter to professionals who specialize in ransomware negotiations.

    This decision was likely taken due to the potential risks associated with engaging with the attackers directly. By not discussing the ransom demands publicly, Norman suggested that the company felt it was not in the public interest to reveal such details. However, experts warn that ransomware gangs rarely do anything for free, and if data was stolen without being leaked, either a payment has been made or the threat actors are still negotiating with M&S.

    The implications of this attack extend beyond M&S, highlighting the need for greater awareness and vigilance across the retail sector in the UK. The use of social engineering tactics is becoming increasingly sophisticated, making it essential for organizations to remain vigilant and implement robust security measures to prevent such breaches.

    Furthermore, the involvement of Scattered Spider, a threat actor linked to the DragonForce ransomware operation, underscores the growing concern over the evolving tactics, techniques, and procedures (TTPs) employed by these groups. Understanding these TTPs is crucial for organizations to develop effective countermeasures against such attacks.

    In conclusion, the revelation that M&S' network was breached through a sophisticated social engineering attack serves as a stark reminder of the risks associated with cyberattacks. As the retail sector continues to grapple with the challenges posed by ransomware gangs, it is essential for organizations to prioritize employee education and security measures to prevent such breaches.

    The attack also highlights the importance of cooperation between law enforcement agencies and companies in responding to these incidents. By sharing information and best practices, organizations can better equip themselves to respond effectively to such attacks and minimize the impact on their operations.

    In light of this development, it is essential for M&S and other organizations to review their security protocols and ensure that employees are adequately trained to recognize and prevent social engineering tactics. The use of advanced threat detection tools and incident response plans will also be crucial in mitigating the effects of such attacks.

    Ultimately, the successful prevention and mitigation of ransomware attacks require a multi-faceted approach that involves not only technical solutions but also employee education and awareness. By adopting this comprehensive approach, organizations can significantly reduce their vulnerability to such attacks and minimize the impact on their operations.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Marks--Spencer-Confirms-Sophisticated-Social-Engineering-Attack-Led-to-Massive-Ransomware-Attack-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/mands-confirms-social-engineering-led-to-massive-ransomware-attack/


  • Published: Tue Jul 8 16:26:39 2025 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us