ARTICLE AD BOX
The hackers responsible for attacking M&S and other UK retailers are now targeting stores in the US, Google has warned.
The tech giant issued a statement on Wednesday urging US firms to take extra caution against potential cyber attacks from the hacking group ‘Scattered Spider’.
"US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs," said John Hultquist, an analyst at Google's cyber security arm.
Scattered Spider is a nickname for a loosely interconnected network of hackers of varying levels of sophistication, and is widely reported to have been behind the highly disruptive hack at M&S, whose online operations have been frozen since 25 April.
The Scattered Spider-connected group has a history of focusing on a single sector at a time and is likely to target retail for a while longer, Hultquist said.
Hackers from the Scattered Spider ecosystem have been behind a slew of disruptive break-ins on both sides of the Atlantic.
In 2023, hackers tied to the group made headlines for hacking casino operators MGM Resorts International and Caesars Entertainment.
Law enforcement has struggled to get a handle on hackers tied to Scattered Spider, in part because of the group's amorphousness, the hackers' youth, and a lack of cooperation from cybercrime victims.
The FBI and the Cybersecurity and Infrastructure Security Agency, America's civilian cyberdefense body, did not return a message seeking comment.
Christian Beckner, a vice president with the National Retail Federation, said his members were already alert to the risk of disruptive intrusions from Scattered Spider-linked groups.
"We've been closely tracking everything going on in the UK over the past few weeks," he said. "There aren't geographic boundaries on these threats."
The Retail & Hospitality ISAC, an information-sharing group whose core members include Albertsons, Costco, McDonald's, and Lowe's, said it was working with Google to prepare a briefing for its membership.
On Tuesday, M&S announced that some customer data had been accessed as a result of the recent cyber attack, though claimed that it did not include usable payment details or passwords.
“As we continue to manage the current cyber incident, we have written to customers to let them know that unfortunately the nature of the incident means some personal customer data has been taken,” the company said.
Additional reporting from agencies
English (US) ·