UK police looking at ‘range’ of potential perpetrators behind retail cyberattacks


Paul Foster, the head of the national cybercrime unit at Britain’s National Crime Agency (NCA), said the ongoing investigation into a spate of recent cyberattacks against the retail sector was considering “a range” of different perpetrators who could have been responsible.

Among these is an international threat group tracked as Scattered Spider, Foster acknowledged to BBC News, but he stressed the NCA was considering different hypotheses and was going to “follow the evidence to get to the offenders.”

The similarities between attacks previously attributed to Scattered Spider and a spate of incidents impacting British retailers Marks & Spencer, the Co-op and the London-based luxury store Harrods have prompted speculation that the loosely affiliated criminal subculture is involved. However, there has not yet been a confident assessment from professionals that this is the case.

These attacks have led to widespread concern and disruption, with shelves in numerous M&S and Co-op stores running empty due to those companies’ logistics systems either being directly impacted by the hackers or taken offline as a precautionary measure.

Google warned last week that while it suspected the attacks were “linked to UNC3944, also known as Scattered Spider,” it could not confirm whether they were part of the same criminal grouping.

Earlier this month the National Cyber Security Centre said it was “not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor or whether there is no link between them at all.” The agency did not respond to an enquiry on Wednesday regarding whether that was still the case.

Read more: M&S says cyberattack will hit profits by £300 million, disruption to last until July

The broader Scattered Spider group is believed to be responsible for ransomware attacks two years ago on casino giants MGM Resorts and Caesars Entertainment, prompting a warning from U.S. cybersecurity officials about the criminals’ SIM-swapping and social engineering activities.

Last July, police in the United Kingdom arrested a teenager for his alleged role in the MGM attack. Five other alleged members, all U.S. citizens, were charged last November for their alleged involvement with the group.

The group appeared to have disbanded following those arrests, but it had caught widespread attention with several high-profile attacks, including on the networks of Coinbase, Twilio, Mailchimp, LastPass, Riot Games and Reddit.


Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.

 
