Scattered Spider hackers in UK are ‘facilitating’ cyber-attacks, says Google | Cybercrime

[Pelican Press 0]

This is the hidden content, please

• Sign In
• or
• Sign Up

Scattered Spider hackers in *** are ‘facilitating’ cyber-attacks, says

This is the hidden content, please

• Sign In
• or
• Sign Up

| Cybercrime

***-based members of the Scattered Spider hacking community are actively “facilitating” cyber-attacks, according to

This is the hidden content, please

• Sign In
• or
• Sign Up

, as disruption to British retailers spreads to the US.

A group of hackers labelled “Scattered Spider” have been linked with attacks on *** retailers Marks & Spencer, the Co-op and Harrods, with

This is the hidden content, please

• Sign In
• or
• Sign Up

cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well.

Charles Carmakal, the chief technology officer at

This is the hidden content, please

• Sign In
• or
• Sign Up

’s Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants.

“They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,” he said. “And right now they’re focused on retail organisations. They start in the ***, and now they’ve shifted to US organisations.”

Asked if *** members of Scattered Spider were involved in hacking M&S, he said: “Without specifically naming who the victims are I will say broadly Scattered Spider members in the *** are facilitating and contributing to intrusions.”

The targeting of retailers in the ***, and the techniques associated with Scattered Spider, has prompted the country’s cybersecurity agency to warn companies to look out for specific tactics.

In an advisory note, the National Cyber Security Agency told businesses to look at how their IT help desks help staff members reset passwords. One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than an homogenous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems.

“What we’re seeing is they’re making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,” said Carmakal.

Carmakal added that the task of ringing up helpdesks was sometimes carried out by younger members of the Scattered Spider network.

“It’s not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.”

Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the ***, US and Canada. Carmakal said he had listened to “countless calls” that Scattered Spider hackers have made to company employees, “whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody”.

skip past newsletter promotion

Sign up to Business Today

Get set for the working day – we’ll point you to all the business news and analysis you need every morning

Privacy Notice: Newsletters may contain info about charities, online ads, and content funded by outside parties. For more information see our Privacy Policy. We use

This is the hidden content, please

• Sign In
• or
• Sign Up

reCaptcha to protect our website and the

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up

and

This is the hidden content, please

• Sign In
• or
• Sign Up

apply.

after newsletter promotion

Ransomware gangs infect their targets’ computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states.

Carmakal’s comments came as French luxury brand Dior said this week an “unauthorised external party” had accessed some customer data. The scale of the breach and the identity of the attacker remains unclear, although Paris-based Dior said no payment information had been taken.

This week

This is the hidden content, please

• Sign In
• or
• Sign Up

’s cybersecurity specialists said Scattered Spider was targeting US retailers.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,” said John Hultquist, the chief analyst at

This is the hidden content, please

• Sign In
• or
• Sign Up

Threat Intelligence Group. “The actor, which has reportedly targeted retail in the *** following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.”

This is the hidden content, please

• Sign In
• or
• Sign Up

#Scattered #Spider #hackers #facilitating #cyberattacks #

This is the hidden content, please

• Sign In
• or
• Sign Up

#Cybercrime

This is the hidden content, please

• Sign In
• or
• Sign Up

This is the hidden content, please

• Sign In
• or
• Sign Up