Who are Scattered Spider? How the notorious hackers linked to M&S cyber attack work
M&S may have been hacked by a group of notorious cyber-criminals known as Scattered Spider, some of whom are believed to be English-speaking teenagers.
For more than a week, the British retailer has been unable to accept contactless payments and customers are also unable to shop online.
On Monday, Sky News reported that hundreds of agency workers at its main distribution centre were told to stay at home as M&S grappled with the attack.
Shoppers also complained of empty shelves around the country, as M&S confirmed there were "pockets of limited availability in some stores" as a result of measures to manage the cyber incident.
Who are Scattered Spider, the infamous group being linked to the attack?
"Scattered Spider is one of the most dangerous and active hacking groups we are monitoring," said Graeme Stewart, the head of public sector at security company Check Point.
"Since they first appeared in 2022, they have been linked to more than 100 targeted attacks across industries such as telecoms, finance, retail and gaming," he said.
In one of their most infamous hacks, members of the group locked up the networks of casino operators Caesars Entertainment and MGM Resorts International, and demanded hefty ransoms.
Caesars paid the hackers about $15m (£11.2m) to restore its network.
1:55
Who are the members of Scattered Spider?
"The group is made up of young, English-speaking individuals, mainly based in the UK and the US," said Mr Stewart.
Some members are believed to be as young as 16, with the group meeting up on hacker forums online.
The authorities have a hard time catching Scattered Spider members because they are just that: scattered.
"This is not a loose group of opportunistic hackers. They operate more like an organised criminal network, decentralised and adaptive.
"Even with several arrests made in the US and Europe, their structure allows them to regroup quickly."
Last month, an alleged Scattered Spider member was extradited to the US from Spain and charged with offences including wire fraud and aggravated identity theft.
How do they work?
The group often targets human vulnerabilities, according to Mr Stewart, rather than system flaws.
They use tactics like social engineering, where hackers trick people into letting them into systems, impersonating IT staff or SIM swapping.
SIM swapping attacks are where hackers trick phone providers into transferring a victim's phone service to a SIM card under the hacker's control.
This means the hacker can approve two-factor authentication and access the victim's private accounts as well as installing malware on certain devices.
"The attack on M&S appears to be heavily financially motivated and focused on making as much money as possible," said Jake Moore, global cybersecurity adviser at cybersecurity firm ESET.
"The gained notoriety focused on the brand - which is so entrenched in British culture and history - just places even more pressure on M&S to pay the growing demands."
1:14
What does M&S say?
Sky News contacted M&S which referred us to its previous statement.
"As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites and apps.
"Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
"We informed customers that there was no need for them to take any action. That remains the case, and if the situation changes we will let them know."
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Guardian
23 minutes ago
- The Guardian
M&S website resumes online orders six weeks after cyber-attack
Marks & Spencer has reopened its website to shoppers, six weeks after it was forced to halt online orders after a cyber-attack. The retailer said on its website that customers 'can now place online orders with standard delivery to England, Scotland and Wales'. Deliveries to Northern Ireland 'will resume in the coming weeks'. 'We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks,' it said. The retailer is estimated to have been losing about £25m in online clothing and homewares sales a week after it was forced to stop taking orders on its website within days of 'threat actors', thought to be a hacking collective known as Scattered Spider, gaining access to its systems over the Easter weekend. The company expects the hack to cost it up to £300m in profits this year, although about half of that is expected to be offset by insurance and other measures. It has previously said disruption to its website could last until July, and some online services are not expected to restart immediately. Shoppers have been able to browse online, as well as shop in M&S's physical stores using cash or cards for most of the period since the hack. However, stocks of food and clothing in stores have also been affected, meaning that M&S has lost out during a busy period for retailers as a warm, sunny spring has driven an unexpected rise in household spending. M&S has also admitted that some personal information relating to thousands of customers – including names, addresses, dates of birth and order histories – was taken in the cyber-attack. Sign up to Business Today Get set for the working day – we'll point you to all the business news and analysis you need every morning after newsletter promotion Stuart Machin, the chief executive of M&S, has said he expects the retailer to recover 'at pace' helped by bringing forward investment in its IT systems and website as part of the systems rebuild forced on it by the hackers. The attack on M&S emerged days before cyber-attacks were reported by the Co-op and Harrods. More recently, the sportswear brand Adidas and the lingerie group Victoria's Secret have also been targeted.
Daily Mirror
an hour ago
- Daily Mirror
Brit couple found with £1m of cannabis in luggage in latest 'drug mule' fears
Sian Warren, 34, and Daniel McDonald, 36, from Salford, have been accused of trying to smuggle cannabis valued at £1million through Heathrow Airport on their way back from Thailand A couple have been charged with trying to smuggle cannabis valued at £1million into the UK after being stopped at Heathrow Airport. Sian Warren, 34, and Daniel McDonald, 36, were on their way back from Thailand when officers from the National Crime Agency reportedly found more than 51kg of cannabis in their luggage. It is understood that the drug was in four cases that the pair were carrying. They appeared at Uxbridge Magistrates' Court where they have been charged with importing Class B drugs and have been bailed under curfew ahead of a plea hearing on June 26 at Isleworth Crown Court. Warren and McDonald, from Salford, went to Bangkok on holiday last month and Warren's dad Tony told The Sun that there must have been a mistake. He said: 'Sian's not brought anything back, definitely not. She had her own suitcase with clothes in it.' It is the latest of several incidents involving British holidaymakers who have been accused of smuggling drugs from Thailand as an expert warned that criminal gangs are 'grooming' naive tourists. In the last few weeks, three British women have hit the headlines after they were accused of attempting to smuggle drugs. Bella May Cullen, 18, was arrested after flying into Georgia from Thailand with around 14kg of cannabis and 2kg of hashish in her luggage. A day later former TUI stewardess Charlotte May Lee was allegedly caught with 46kg of Kush – a high-grade strain of cannabis – in her luggage valued at £1.2million after arriving in Sri Lanka, again from Thailand. And then it emerged another Brit, Isabella Daggett, 21, from Leeds, has been held in a hellhole Dubai prison since March, when she was arrested on suspected drugs offences. Nathan Paul Southern, the Operations Director at The EyeWitness Project, which specialises in the investigation of organised crime, conflict and corruption, says southeast Asia has now become the world 's leading supplier of both narcotics like heroin and synthetic drugs like ecstasy and crystal meth. The 'Golden Triangle' - a large mountainous region on the borders with Myanmar, Thailand and Laos, recently overtook Afghanistan as the world's largest producer of opium, used to make heroin. And he says gangs are 'flocking' to the region from around the world, where they appear to be using grooming techniques used in other types of crimes to ensnare impressionable young Westerners. Mr Southern told the Mirror: 'The idea of charming strangers grooming backpackers isn't new, it's just the same old tactics in a region with a booming drug trade. The same grooming techniques we've seen in romance scams and human trafficking could be getting adapted for drug smuggling.
Daily Mirror
7 hours ago
- Daily Mirror
Return of the Mack star Mark Morrison's team hit out as battery charge dropped
Mark Morrison, whose song Return of the Mack topped the UK charts in 1996, was taken into custody on Saturday but denied that any battery occurred at Le Bar à Vin in Palm Beach, Florida A battery charge against British singer Mark Morrison - best known for his 1996 hit Return of the Mack - has been dropped. The musician, 51, was taken into custody on Saturday after an alleged altercation at Le Bar à Vin in Palm Beach, Florida. However, the star's lawyers have today confirmed he was at the restaurant to talk to the manager and attempt to collect payment on behalf of a local singer who had performed at the venue. Although the "conversation escalated", Mr Morrison's lawyers said no physical altercation happened and now police have been able to dismiss the battery charge. In a statement, King Legal Group said: "The decision to nolle prosse (formally decline prosecution) ends what should never have been a criminal matter in the first place. "Mr Morrison has consistently and unequivocally denied that any battery occurred. There was no physical altercation—only a demand for fairness and accountability. The evidence never supported criminal intent or conduct." The legal team explained how Mr Morrison, whose track Return of the Mack spent two weeks as UK number one in April 1996, values standing up for what he believes in. However, they suggested race may have played a role in how the singer was treated. "While we are relieved the State has dismissed the charge, the underlying context cannot be ignored. The refusal to pay — coupled with how quickly the situation was criminalised — raises legitimate concerns about whether race played a role in how Mr Morrison was treated. It's not lost on us that advocating for fair pay, especially as a Black man in a position of leadership, can be met with suspicion instead of dialogue," the statement added. "Mr Morrison has spent years supporting local artists and standing up for what's right. That won't change. He is grateful for those who stood by him, and he remains committed to uplifting the artistic community in Palm Beach County and beyond. Towards that end, and in furtherance of Mr Morrison's commitment to his community, he is donating the $1000.00 (£730) bond used to secure his appearance, to Little Smiles, a local children's charity." Mr Morrison posed for a mugshot in a blue jumpsuit before he was released on Sunday morning. The musician has had a long history of both musical success and legal troubles. He burst onto the music scene in the mid-90s, enjoyed significant success with Return of the Mack. The song became an anthem of its time, widely regarded as one of the defining tracks of the 1990s R&B movement. Its success propelled Mr Morrison into the spotlight, and he quickly became one of the genre's most promising stars.
