CyberSecurity news


Mayura Kathir@gbhackers.com //
Scattered Spider, a sophisticated hacking collective known for its social engineering tactics, has allegedly breached Marks & Spencer by targeting the company's IT help desk. The cybercriminals reportedly duped an IT help desk employee into resetting a password, which then granted them access to internal networks. This breach is said to have disrupted M&S's online operations, leading to the temporary suspension of online orders, as reported between April and May 2025. Scattered Spider, also known as UNC3944, Octo Tempest, and Muddled Libra, has become prominent for using social engineering to exploit corporate service desks.

This attack on Marks & Spencer is part of a broader trend impacting UK retailers. The National Cyber Security Centre (NCSC) has issued warnings to organizations, urging them to be wary of phony IT helpdesk calls. Other retailers such as Co-op and Harrods have also been linked to attacks resulting in stolen member data and crippled payment systems. Any organization with a service desk is theoretically vulnerable to these low-tech, high-impact tactics employed by Scattered Spider and similar groups.

Scattered Spider is believed to be composed of young US and UK citizens who are part of a collective known as "The Comm," an underground community of English-speaking criminals that communicates and coordinates using social media platforms like Discord or Telegram. While five users associated with Scattered Spider, including the alleged leader, were detained in the first half of 2024, the complete composition of the group remains undetermined. After a period of relative silence following these arrests, Scattered Spider has resurfaced with this latest string of attacks on UK retail brands, prompting renewed cybersecurity concerns.