CyberSecurity news

Shivani Tiwari@cysecurity.news //
The UK's National Cyber Security Centre (NCSC) has issued an advisory following a series of cyberattacks targeting major UK retailers, including Marks & Spencer (M&S), Co-op, and Harrods. These incidents, which began in April 2025, have prompted warnings for organizations to remain vigilant and implement robust cybersecurity measures. The NCSC is working closely with affected organizations to understand the nature of the intrusions and provide targeted advice to the broader retail sector.

The NCSC's advice strongly suggests the involvement of Scattered Spider, a group of English-speaking cyber criminals previously linked to breaches at MGM Resorts and Caesars Entertainment in the U.S. Scattered Spider is believed to have deployed ransomware to encrypt key systems at M&S, causing significant disruption, including the suspension of online sales. Authorities are urging security teams to implement multi-factor authentication, monitor for risky logins, and review help desk login procedures to mitigate potential ransomware attacks.

While investigations are ongoing to determine if the attacks are linked or the work of a single actor, reports suggest that a group called DragonForce may also be involved. DragonForce operates as a ransomware-as-a-service, providing tools and infrastructure for contracted hackers. The NCSC emphasizes that all organizations should follow the advice on its website to ensure they have appropriate measures in place to prevent attacks and effectively respond to and recover from them.

References:
  • bsky.app: Beware phony IT calls after Co-op and M&S hacks, says UK cyber centre. The NCSC advice is the strongest hint yet the hackers are using tactics most commonly associated with a collective of English-speaking cyber criminals nicknamed Scattered Spider.
  • slcyber.io: Scattered Spider Linked to Marks & Spencer Cyberattack
  • www.cybersecuritydive.com: UK authorities warn of retail-sector risks following cyberattack spree
  • research.checkpoint.com: For the latest discoveries in cyber research for the week of 5th May, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Three major UK retailers – Co-op, Harrods and Marks & Spencer (M&S) – were hit by cyberattacks that disrupted operations and compromised sensitive data. The attacks are believed linked to the Scattered
  • www.itpro.com: Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
  • www.ncsc.gov.uk: A joint blog post by the NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse.
  • BleepingComputer: UK shares security tips after major retail cyberattacks
  • cyble.com: Multiple cyberattacks have recently struck some of the UK’s most iconic retailers, prompting concern from industry leaders and cybersecurity authorities. Among the affected organizations are Harrods, Marks & Spencer, and the Co-op, all of which have confirmed incidents targeting their digital infrastructure in late April and early May 2025. The UK’s National Cyber Security Centre (NCSC) is currently working alongside these retailers to investigate the attacks and mitigate potential damage.
  • phishingtackle.com: Co-op has revealed that its recent breach was far more serious than initially reported, with a significant amount of data from current and former customers stolen. The National Cyber Security Centre (NCSC) has since warned that cybercriminals are impersonating IT …
  • bsky.app: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked. https://www.exponential-e.com/blog/ncsc-warns-of-it-helpdesk-impersonation-trick-being-used-by-ransomware-gangs-after-uk-retailers-attacked
  • www.cysecurity.news: “The disruption caused by the recent incidents impacting the retail sector are naturally a cause for concern to those businesses affected, their customers and the public,” said NCSC CEO Dr Richard Horne.
  • www.exponential-e.com: NCSC warns of IT helpdesk impersonation trick being used by ransomware gangs after UK retailers attacked.
Classification:
  • HashTags: #ScatteredSpider #CyberAttacks #Retailers
  • Company: NCSC
  • Target: UK Retailers
  • Attacker: Scattered Spider
  • Product: Retail CyberSecurity
  • Feature: Phony IT Calls
  • Type: Cyber Attack
  • Severity: Major