CyberSecurity news
FlagThis
@cyble.com
//
UK retailers have been targeted by a series of cyberattacks, prompting a national alert from the National Cyber Security Centre (NCSC). These attacks involved ransomware tactics and social engineering, leading to system disruptions and data breaches at several high-profile retail chains. The NCSC has issued a wake-up call to organizations, urging them to bolster their cybersecurity posture amid the growing threats. Attackers have also been impersonating IT helpdesks, tricking employees into handing over login credentials and security codes to gain access to company systems.
Marks & Spencer, Co-op, and Harrods have all been targeted recently, with DragonForce, an infamous ransomware group, claiming responsibility for the disruptions. The initial breach occurred at M&S, followed by an attempted hack at Harrods just days after the Co-op breach. Co-op revealed that its recent breach was more serious than initially reported, with a significant amount of data from current and former customers stolen. Attackers stole names and contact information in the Co-op breach but did not access passwords, payment data, or transaction histories. M&S has suspended online orders and is working to restore affected systems.
Mandiant has linked the DragonForce ransomware attacks on UK retailers to UNC3944 tactics, highlighting links to RansomHub. UNC3944, also known as Scattered Spider, is a financially motivated threat actor known for its persistent use of social engineering and bold interactions with victims. DragonForce operates under a ransomware-as-a-service (RaaS) model, where affiliates carry out the attacks, keeping most of the ransom, while the group provides the tools and hosts leak sites. The NCSC warns organizations to remain vigilant, with DragonForce hinting at more attacks in the near future.
ImgSrc: cyble.com
References :
Marks & Spencer, Co-op, and Harrods have all been targeted recently, with DragonForce, an infamous ransomware group, claiming responsibility for the disruptions. The initial breach occurred at M&S, followed by an attempted hack at Harrods just days after the Co-op breach. Co-op revealed that its recent breach was more serious than initially reported, with a significant amount of data from current and former customers stolen. Attackers stole names and contact information in the Co-op breach but did not access passwords, payment data, or transaction histories. M&S has suspended online orders and is working to restore affected systems.
Mandiant has linked the DragonForce ransomware attacks on UK retailers to UNC3944 tactics, highlighting links to RansomHub. UNC3944, also known as Scattered Spider, is a financially motivated threat actor known for its persistent use of social engineering and bold interactions with victims. DragonForce operates under a ransomware-as-a-service (RaaS) model, where affiliates carry out the attacks, keeping most of the ransom, while the group provides the tools and hosts leak sites. The NCSC warns organizations to remain vigilant, with DragonForce hinting at more attacks in the near future.
ImgSrc: cyble.com
Share:
References :
- www.sentinelone.com: DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists
- doublepulsar.com: DragonForce Ransomware Cartel attacks on UK high street retailers: walking in the front door
- securityaffairs.com: DragonForce group claims the theft of data after Co-op cyberattack
- BleepingComputer: Co-op confirms data theft after DragonForce ransomware claims attack
- Resources-2: Retail Under Fire: Inside the DragonForce Ransomware Attacks on Industry Giants
- DataBreaches.Net: Co-op hackers boast of ‘stealing 20 million customers’ data’ – as retailer admits impacts of ‘significant’ attack
- www.bbc.co.uk: BBC News reports on the Co-op cyberattack, confirming the theft of a 'significant' amount of data by the DragonForce hackers.
- Rescana: Detailed Report on the DragonForce Cyber Attack on Co-op Introduction: The DragonForce cyber attack on Co-op has emerged as a significant...
- cyble.com: Cyberattacks Hit Leading UK Retailers as NCSC Urges Stronger Defences
- arcticwolf.com: Uptick in Ransomware Threat Activity Targeting Retailers in the UK
- cyble.com: Cyberattacks Hit Leading UK Retailers as NCSC Urges Stronger Defences
- arcticwolf.com: Uptick in Ransomware Threat Activity Targeting Retailers in the UK
- CyberInsider: Co-op has officially confirmed that hackers accessed and exfiltrated member data in a recent cyberattack, marking a significant escalation in a wave of coordinated intrusions targeting UK retail giants.
- cyberinsider.com: Cyber Insider reports on Co-op Confirms Member Data Breach Following Cyberattack Incident
- bsky.app: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked.
- industrialcyber.co: Mandiant links DragonForce ransomware attacks on UK retailers to UNC3944 tactics, highlighting links to RansomHub
- phishingtackle.com: Rise In Cyberattacks On UK Retailers Sparks National Alert
- www.cysecurity.news: UK Retail Sector Hit by String of Cyberattacks, NCSC Warns of Wake-Up Call
Classification:
- HashTags: #Ransomware #CyberSecurity #Retail
- Company: UK Retailers
- Target: UK Retailers
- Attacker: UNC3944
- Product: Retail
- Feature: Ransomware
- Malware: DragonForce
- Type: Ransomware
- Severity: Major