DragonForce and Scattered Spider: Inside the hacker groups linked to M&S cyberattack
Marks & Spencer has finally reopened its online orders, months after a cyber attack which is set to cost the British high street retailer £300 million in profits this year.
This comes as a new hacking group has been connected with the incident, after it was revealed the DragonForce group sent M&S CEO Stuart Machin an email days after it faced a major cyberattack gloating about the hack and demanding ransom payment.
The email, seen and reported by the BBC, said: 'We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.'
DragonForce aren't the only group that have been connected with the attack on the retailer, as the Scattered Spider network had previously been named as the enactors of the social engineering attack.
According to Sergey Shyekevich, a researcher from cybersecurity company Checkpoint, more hacker groups are forming alliances on the dark web.
'Co-operation between two powerful groups is very interesting,' he says. 'It's one outcome we see on the dark web more and more, alliances between big groups.'
Here's all we know about the two hacker groups
What is DragonForce?
DragonForce is a hacker organisation that offers Ransomware to cyber-criminal affiliates for a 20 per cent cut of any ransoms collected. This means that for a fee, they lease out their malware through dark web marketplaces to cyber-criminals.
While the organisation originally started working in 2023, they've had a massive re-marketing of their business model in the past couple of months.
'In the last two months, they started to become very active in one of the biggest dark web forums,' says Sergey, who says they have marketed themselves as a 'Ransomware Cartel', cornering that market on the dark web in the past month.
'They started being more aggressive I think a few weeks before all the attacks in the UK,' he adds.
Researchers have claimed they operate out of Malaysia, with some disputing this and saying they are located in Russia. As well as the M&S hack, DragonForce has been linked to the Co-op cyberattack.
What is Scattered Spider?
Scattered Spider is a community of hackers that targets huge organisations across different sectors using social engineering tactics.
'They're very good at social engineering of different types,' Sergey says, adding that in the past they have used SIM swapping and impersonated IT staff to trick people into letting them use their systems.
Believed to be a community of young adults across the US and UK, the group gained notoriety for their involvement in hacking and extorting two of the largest casino and gambling companies in the United States.
'They understand human nature and how big corporations work,' says Sergey. 'They're very successful.'
In 2023 they were linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, which led the former to pay a ransom of approximately £11 million ($15 million). They were able to access a significant number of driver's licence numbers and possibly even Social Security numbers of the casino customers through the ransomware demand.
A 17-year-old hacker from the United Kingdom was arrested in connection with the hack and attempted ransom in July 2024.
How did the cyberattack happen?
M&S first disclosed they had experienced a cyberattack on 22 April, which had disrupted their online operations and even halted contactless payments. Hundreds of agency workers at the company were told not to come into work as the retailer dealt with the fallout of the cyberattack.
Customer personal data – which could have included names, email addresses, postal addresses and dates of birth – was also taken by hackers in the attack.
M&S revealed last month that the attack was caused by 'human error', as Mr Machin said in an annual figures report in May that the hackers gained access to the company's IT systems through a third party.
He said at the time: 'We didn't leave the door open, this wasn't anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.'
Responding to attacks on the retail sector, the NCSC put out advice to the industry and responded to speculation that the Scattered Spider group had used social engineering to target IT help desks and perform password and MFA (multi-factor authentication) resets.
'Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,' their blog post wrote. 'Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.'
Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit, said: 'Specialist NCA cybercrime officers are working closely with law enforcement partners to investigate the recent cyber incidents affecting the retail sector. Identifying the criminals responsible and bringing them to justice is a top priority.
'We are considering the incidents individually, but have a range of hypotheses and are mindful they may be linked.
'The impact of these incidents has been significant and businesses will understandably be concerned. I'd encourage all organisations to follow advice on the NCSC's website to ensure they have effective cyber security measures in place to help prevent attacks.
'I'd also urge those that do unfortunately fall victim to an attack to engage with law enforcement as part of the reporting process. The NCA and policing will investigate covertly and discreetly, as well as support the recovery of systems and data.'
How much money has M&S lost?
The fallout from the cyberattack saw the company lose £650 million of value in a matter of days. M&S said it expected to take an estimated £300 million hit to profits this year, as they predicted disruption to its online business to last into July.
What has M&S said in response?
As M&S reopened its online operations, they put out a statement which said: 'You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks.
'We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
The Sun
17 minutes ago
- The Sun
Urgent search for missing girl, 14, who vanished on her own after night with pals in major UK city
POLICE are urgently searching for a 14-year-old girl who disappeared after spending the night with friends in a major UK city. Lucia, from Swansea, was last seen in Cardiff on June 14, just before midnight near Penylan Library, heading towards Wellfield Road. The teenager had been with friends but left the area on her own. She has been described as 5ft 6, with a slim build and long black hair. Lucia was wearing a white skirt, a cream puffer jacket, an orange top and possibly white Converse trainers at the time she went missing. Anyone with information about Lucia's whereabouts is urged to contact South Wales Police, quoting reference 2500188167.
The Guardian
18 minutes ago
- The Guardian
‘Modest fashion' headed for mainstream despite political hostility, say experts
Fashion influenced by Islam and other religions is expected to become 'mainstream' globally, in spite of politicians singling out the burqa and the hijab, as the rise of 'modest fashion' is powered by influencers, luxury brands and big tech. The Conservative leader, Kemi Badenoch, has said employers should be able to ban staff from wearing face coverings, before adding that she was not in favour of a government ban. Her remarks came days after the Reform MP Sarah Pochin asked the prime minister, Keir Starmer, if he would ban the burqa, a veil which covers the face and body, following France's lead. Clothing worn by some Muslim women has become a lightning rod for arguments about integration, personal liberty, women's rights and Islamophobia on both sides of the Channel. A French ban on children under 15 wearing the hijab was proposed last month, and in 2023, France banned girls in state schools from wearing the abaya, the loose-fitting robe worn by some Muslim women. Nonetheless, recent research by Bath Spa University found that 'persistent and growing demand' for modest fashion internationally – typified by looser styles which cover the limbs with a high neckline – was driven by Muslim consumers and Instagram users, with Amazon and Farfetch emerging as market leaders at the affordable and luxury ends of the market respectively. Bournemouth University's Dr Samreen Ashraf, who has pioneered UK research into modest fashion, said its growth was also driven by women's desire to avoid objectification. She said the market remained underserved, with issues around clear labelling from big brands and affordability with smaller suppliers. 'It's not just women with strong religious beliefs,' she added. Women who have faced body shaming or body dysmorphia, who don't have any belief, turn towards modest fashion's more flowing designs. 'Reports have suggested growth of the European modest clothing market from €56.8bn to €72.5bn between 2021 and 2025 – 17.2% of that is UK, of which 6.5% identify themselves as Muslim. That has been one of the reasons why there's been an upward turn. 'Also, with social media, people are feeling: 'I can fully express my religious or cultural identity.'. Especially when the likes of M&S and Asos and Uniqlo and H&M are also offering modest clothing. 'It's not just one religion however, but all faiths, and also empowerment: that if I don't want to reveal my body to others, why should I? Blunt statements from people in power don't serve any good purpose to women. Individual liberty, respect and tolerance are British values.' Bath Spa University's 2025 research found that leading brands' production of hijab and Ramadan lines showed 'the evolution of modest fashion into a mainstream fashion subculture'. Significantly, Muslim influencers on TikTok, many of whom focus on modest fashion, exceeded 125m views in 2023, says the growth strategy research firm DinarStandard, which projects that 30% of the world's 15- to 29-year-olds will be Muslim by 2030. The purchasing power of Muslim shoppers – including from wealthy Gulf states – is credited with leading luxury brands to enter the space, joining independent Muslim retailers and female entrepreneurs worldwide. The aesthetic overlaps with 'quiet luxury' and 'old money' styles, with 'longer hemlines' in common, according to Vogue Arabia. A 2023, Bournemouth University study, led by Ashraf, found 'increasing stigma … associated with Islam post 9/11' had led Muslims to adopt a stronger sense of identity including through 'choosing modest clothing items'. After Pochin's comments, Muslim Women's Network said women who wore the burqa, or other religious dress, were 'simply exercising their fundamental rights to freedom of expression and belief', while the Muslim Council of Britain said 'lazy tropes' were being used to malign a 'proudly British' community.
Telegraph
33 minutes ago
- Telegraph
British firms are being stifled by excessive regulation and bureaucracy
The all-party House of Lords Financial Services Regulation Committee which I chair has just completed a year-long inquiry into how effective the regulators are at fulfilling their duties to boost competitiveness and growth. It's a sad tale of a deeply entrenched culture of risk aversion, of disproportionately high costs of compliance, and of a complex regulatory landscape driven by expansion and overlap in the regulators' remits and by the volume and scope of regulatory activity. There is no doubt that operational inefficiencies and suffocating bureaucracy are damaging growth and place the UK at a competitive international disadvantage. Despite the regulators' growth mandate, the firms which gave evidence to the year-long inquiry say the system is slow and inflexible. Firms complain of being buried under regulatory paperwork and of facing a never-ending barrage of information requests from both the FCA and PRA. The CEO of Nationwide told the inquiry she received 4,519 pieces of direct correspondence in 12 months. Santander responded to more than 300 regulatory requests and managed 400 regular regulatory reports equating to over 2,500 submissions a year. One firm told us it employed 78 compliance officers for its UK operations compared with a total of 73 to cover the other 40 countries it operated in. We were dismayed by the evidence we received which highlighted long-standing issues that limit investment and the ability of financial firms to grow, innovate and compete. The lack of proportionality in the regulators' approach was evident in the FCA's failure to distinguish between wholesale and retail markets and the PRAs approach to capital requirements. The vagueness surrounding the Consumer Duty and the Financial Ombudsman's evolution into a quasi-regulator has created uncertainty and a worrying perception of a regulatory penalty for investment in UK businesses. It is essential for the FCA and FOS to be aligned on redress and interpretation. The FCA and the PRA alone employ around 6,500 staff at a cost of £1.1 billion. This results in an ever-rolling stream of consultation documents, regulatory changes and compliance advice which firms are expected to follow, communicated sometimes informally through speeches by senior regulators and letters to CEOs. My committee receives notice of these every week and it is frankly overwhelming. The regulators lack clear focus and appear to be still haunted by the 2008 financial crisis. This leads to excessive caution, sluggish approvals, high compliance costs and endless red tape. There is an urgent need for the FCA and PRA senior leadership to drive cultural change. This change should emphasise a more tailored and proportional approach to the risks posed by regulated firms, a culture of continual operational improvement and innovation, and a more transparent and trusting relationship with the businesses they regulate. An approach is needed which embraces technology and streamlines compliance for fintech and AI-driven firms. The skills and quality of staff are vitally important and that means addressing remuneration. A revolving door sees regulators losing some of their most talented people, recruited to advise the companies they once regulated at substantially higher salaries. We were surprised by the difference in candour between the evidence we received from the industry in public and the views expressed to us privately. We were obliged to take evidence in private in order to get many firms to share their concerns. At one meeting I attended, a CEO read out his brief from his compliance department which said that if Lord Forsyth invited him to give evidence to his committee under no circumstances should he agree to do so. This is not a healthy situation and there needs to be a much more open and trusting relationship between the regulators and the firms they regulate. In a competitive market, speed matters. Yet firms say UK regulators are lagging behind international rivals when it comes to authorising new products, people and operations. While official stats suggest improvements, they take too long and many say those numbers are misleading: they exclude the time regulators 'stop the clock' to request more data. If launching a new fintech product takes six months longer in London than in Singapore, investors and innovators will simply go elsewhere. We heard many positive reports of the success of the concierge approach of the Singapore regulator, which involved helping firms to grow and comply with regulatory provisions. Our regulators have much to learn from this approach. The Chancellor has placed a great deal of faith in the regulators stimulating economic growth. Our report makes one thing clear: the regulators can't do this alone. The Government must step up. That means clearer economic goals, better use of statutory guidance and more robust performance tracking. Right now, metrics are focused on operational inputs, not outcomes. Without stronger leadership from HM Treasury and without aligning regulators, industry and Parliament, the growth and competitiveness objectives will be little more than political window dressing.
