A hacker community known as Scattered Spider is a key suspect in a criminal inquiry into cyber-attacks against UK retailers including Marks & Spencer, detectives have said.
Scattered Spider, a loose collective of native English-speaking cybercriminals, has been strongly linked with hacks against M&S, the Co-op and Harrods. M&S said on Wednesday it will take an estimated £300m hit to profits after its systems were hacked last month.
The UK’s National Crime Agency, whose remit includes combating cybercrime, said the group was a focus in its investigations.
“We are looking at the group that is publicly known as Scattered Spider, but we’ve got a range of different hypotheses and we’ll follow the evidence to get to the offenders,” Paul Foster, the head of the NCA’s national cybercrime unit, told the BBC.
He added: “In light of all the damage that we’re seeing, catching whoever is behind these attacks is our top priority.”
Last week Google told the Guardian that UK-based members of Scattered Spider were actively “facilitating” cyber-attacks, as it warned that attempts to enter UK retailers’ systems were now being replicated in the US.
The focus on a particular industry and geography is a common tactic of the Scattered Spider community, which communicates on platforms such as Discord and Telegram.
The M&S hackers have deployed ransomware, or malicious software that locks up a target’s files, which is a cybercrime typically associated with Russian-speaking gangs and not native English speakers based in the UK or US.
“We know that Scattered Spider are largely English-speaking but that doesn’t necessarily mean that they’re in the UK. We know that they communicate online among themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective,” Foster said.
It has been reported that the hackers have used ransomware called DragonForce, in a ransomware-as-a-service operation where hackers use another group’s malware and infrastructure in exchange for a cut of any financial proceeds from the attack. Ransomware attackers demand a sum, usually paid in cryptocurrency, in exchange for unlocking any hacked files and returning stolen data.
An insight into Scattered Spider’s alleged personnel was published by the US Department of Justice last year when it charged five individuals over the targeting of unnamed American companies with “phishing” text messages.
All of the accused were in their 20s at the time they were charged. The department charged four people in the US, their ages ranging from 20 to 25, as well as Tyler Buchanan, a Scottish 23-year-old who has been deported to the US from Spain.
Google also said that “younger members” of the network carry out some tasks, such as ringing up a company’s IT help desk and pretending to be an employee or contractor in order to gain access to computer systems. The BBC quoted a former teenage hacker who said it “wouldn’t surprise me” if teen hackers were behind the retail attacks.