Hackers from the Scattered Spider group, known for UK retail attacks, are now targeting US retailers, Google cybersecurity experts have warned.
The notorious cybercriminal group Scattered Spider is now actively targeting retail companies in the United States, following a string of disruptive attacks against similar businesses in the United Kingdom.
This warning comes directly from cybersecurity experts at Google Threat Intelligence Group (GTIG) and Google subsidiary Mandiant, who highlight the group’s effectiveness at bypassing even strong security measures.
“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Google’s cybersecurity analyst, stated.
It is worth noting that Scattered Spider (aka UNC3944) is the primary suspect in the recent attacks on UK retail giants Harrods, Co-op, and M&S, but the UK’s National Cyber Security Centre (NCSC), Mandiant and Google have not formally attributed them to any specific actor as yet. However, GTIG researchers suggest that the hackers targeting US retailers share similar techniques and procedures with the culprits behind the British incidents.
Researchers noted a possible link between DragonForce ransomware operators and Scattered Spider. The former took responsibility for attempted recent attacks on several UK retailers, using strategies similar to Scattered Spider. Moreover, both were associated with the now-defunct RaaS platform RansomHub.
However, GTIG could not confirm the link between UNC3944/DragonForce and rising retail data leaks. Still, the increasing presence of retail victims on data leak sites (11% in 2025, up from previous years) suggests that threat actors find this sector attractive due to large PII/financial data holdings and their willingness to pay ransom to maintain transaction processing.
As per Hackread.com’s past reporting, Scattered Spider is a financially motivated threat actor known for using social engineering techniques. They gained notoriety for hacking casino giants MGM Resorts International and Caesars Entertainment in 2023. They initially targeted telecommunications companies for SIM swapping and later started deploying ransomware to extort victims.
They are also known for phishing attempts and MFA bombing, where they bombard targets with multi-factor authentication requests. Typically, UNC3944 goes after established enterprises, specifically organizations with large help desks and outsourced IT departments, as these are more susceptible to their sophisticated social engineering techniques.
GTIG’s study reveals that since early 2023 UNC3944 has targeted a diverse range of sectors, including Technology, Telecommunications, Financial Services, Business Process Outsourcing (BPO), Gaming, Hospitality, Retail, and Media & Entertainment organizations. Geographically, their primary targets have been even more diverse, including the US, Canada, the UK, Australia, Singapore and India.

The Retail & Hospitality ISAC, an information-sharing group that includes major players like Albertsons, Costco, McDonald’s, and Lowe’s, has acknowledged the threat and is working with Google to provide its members with detailed briefings and guidance on how to strengthen their defences against this evolving threat. The warning from Google serves as a clear signal for US retailers to be on high alert and to review their security protocols.
Chad Cragle, CISO at Deepwatch, a San Francisco, Calif.-based AI+Human Cyber Resilience Platform:
“Scattered Spider (UNC3944) uses sophisticated social engineering to infiltrate and deploy ransomware. To defend against this group, secure privileged accounts, implement phishing-resistant MFA, and verify each help-desk identity request.”
“Retailers are particularly vulnerable, as they handle large amounts of payment data, manage intricate supply chains, and operate under significant uptime pressure that often encourages ransom payments,” Chad warned. “However, organizations with valuable data and critical availability needs are equally at risk.”