CyberSecurity news

FlagThis

Dissent@DataBreaches.Net //

Marks & Spencer Cyberattack Linked to Scattered Spider

British retailer Marks & Spencer (M&S) has been hit by a significant cyberattack, causing disruptions to its online order system and in-store contactless payments. The incident, which began last week, led to the temporary suspension of online orders and refunds for some customers. Cyber security experts now suspect the infamous Scattered Spider hacking collective is behind the attack, potentially crippling the retailer's systems and its ecommerce operation.

BleepingComputer reports that the ongoing outages at M&S are likely the result of a ransomware attack. The Scattered Spider group, known for targeting major organizations, is believed to have initially breached M&S's systems as early as February, allegedly stealing the NTDS.dit file from the Windows domain. This file contains user account and password information, enabling the attackers to move laterally across the network and gain control over more systems. The group then reportedly deployed the DragonForce encryptor against M&S’s virtual machines running on VMware ESXi hosts, launching the main attack on April 24th.

The cyberattack's impact extends beyond online services. M&S has acknowledged "pockets of limited availability" in its physical stores, with reports of empty shelves nationwide, indicating disruptions to the supply chain. Scattered Spider, also known as Octo Tempest, is a cybercriminal collective known for its sophisticated social engineering tactics, phishing, and multi-factor authentication (MFA) bombing, posing a significant threat to large enterprises. The attack on M&S underscores the urgent need for organizations to bolster their cybersecurity defenses and remain vigilant against evolving threats.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • bsky.app: Cyber security website @bleepingcomputer.com now reporting that the M&S hackers could be from Scattered Spider
  • hackread.com: Scattered Spider Suspected in Major M&S Cyberattack
  • research.checkpoint.com: British retailer Marks & Spencer (M&S) experienced a cyber-attack that caused disruptions to its online order system and in-store contactless payments.
  • ComputerWeekly.com: The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on Marks and Spencer that has crippled systems at the retailer and left its ecommerce operation in disarray.
  • DataBreaches.Net: Marks & Spencer breach linked to Scattered Spider ransomware attack
  • BleepingComputer: Marks and Spencer breach linked to Scattered Spider ransomware attack.
  • Tech Monitor: Cyberattack at Marks & Spencer, suspected to involve Scattered Spider hackers.
  • www.bleepingcomputer.com: Marks & Spencer breach linked to Scattered Spider ransomware attack
  • www.helpnetsecurity.com: Threat actors are from Scattered Spider, and that M&S’s virtual machines on VMware ESXi hosts have been encrypted with the DragonForce encryptor
  • Help Net Security: Marks & Spencer cyber incident linked to ransomware group
  • blog.checkpoint.com: The incident report details the significant disruptions to the retailer's systems, prompting the suspension of online orders and refunds for impacted customers.
  • Check Point Research: The British retailer Marks & Spencer (M&S) experienced a cyber-attack that caused disruptions to its online order system and in-store contactless payments.
  • Danny Palmer: The Co-op has been forced to shut down parts of its IT system after discovering an attempted hack only days after the fellow retailer Marks & Spencer faced a serious cyber incident.
  • Silicon Republic: M&S woes continue as Scattered Spider ransomware suspected
  • ComputerWeekly.com: The infamous Scattered Spider hacking collective may have been behind the ongoing cyber attack on Marks and Spencer that has crippled systems at the retailer and left its ecommerce operation in disarray.
  • www.cybersecurity-insiders.com: DragonForce Ransomware behind Mark and Spencer digital outage
  • www.cybersecurity-insiders.com: Almost a week ago, renowned UK-based retailer Marks & Spencer (M&S) became the victim of a devastating cyber attack that left the company in full-blown disruption mode.
  • Metacurity: Scattered Spider might be behind M&S attack
  • cyberinsider.com: Marks & Spencer has disclosed a cyberattack targeting its internal systems, leading to disruptions in back-office and customer support operations. While the incident prompted precautionary security measures, all retail stores, funeral homes, and quick commerce services remain open and fully operational.
  • Risky Business Media: British retail stalwart Marks & Spencer gets cybered
  • www.standard.co.uk: Cybersecurity researchers reported a ransomware attack on Marks & Spencer, impacting online ordering and financial systems, which was attributed to the Scattered Spider group.
  • ComputerWeekly.com: The cyberattack on Marks & Spencer (M&S) is linked to the notorious Scattered Spider group.
  • Searchlight Cyber: Scattered Spider Linked to Marks & Spencer Cyberattack
  • thecyberexpress.com: Marks & Spencer Confirms Cybersecurity Incident After Days of Service Disruptions
Classification: