Researchers warn threat actors in UK retail attacks are targeting US sector
May 15, 2025 – Published on Cybersecurity Dive
A cybercrime gang believed to be responsible for three attacks in the U.K. in recent weeks has turned its attention toward the U.S. and has been able to compromise multiple targets in the sector, according to researchers from Google Threat Intelligence Group.
Researchers said the same threat actors linked to attacks against U.K. companies are now using well-crafted social engineering techniques against U.S. retail companies.
The threat group, tracked as UNC3944 or Scattered Spider, is widely considered the prime suspect in the attacks on British firms Harrods, Co-op and M&S, but Mandiant and Google have not formally attributed the intrusions to any specific actor. Researchers said, however, that the hackers behind the U.S. attacks share the same techniques and procedures as the intruders in the British incidents.
Attributing the attacks to Scattered Spider has been difficult, in part because the three retailers have provided limited information about how the attacks took place. British authorities have been working with them to learn more about how the hackers gained access.
The ransomware-as-a-service group DragonForce has claimed credit for the British attacks, adding another layer of difficulty to the attribution process. DragonForce provides encryption tooling and a dark-web site for attacks that contracted hackers carry out, according to GuidePoint Security.
Read More HERE.