In the past, cyber criminals have accessed internal messaging systems of companies including Uber and Rockstar Games to spy on communications and post ransom demands.
These kinds of tactics were used by a group called Lapsus$ which was made up of English speaking teenagers – two of whom were arrested and convicted in the UK in 2023.
The attack against M&S is being linked to a potential spin of from Lapsus$ known as Scattered Spider which has been responsible for high profile hacks against MGM Grand casino and Transport for London (TfL).
As part of TfL’s response to its cyber attack all staff had to report to security teams in person to ensure that the hackers were fully kicked out of IT systems.
The incident that has crippled M&S is a ransomware attack using the DragonForce cyber crime service.
The Metropolitan Police confirmed it is looking into the cyber attack at M&S.
“Detectives from the Met’s cyber crime unit are investigating,” it said in a statement.
M&S has also reported it to the National Cyber Security Centre (NCSC).
The BBC understands the body is urging other retailers to be vigilant but it’s not thought that retailers are a specific target.
An NCSC spokesperson said: “The NCSC routinely engages with a whole range of organisations about the cyber threats that the UK faces and regularly reminds them about the steps they can take to be as resilient as possible.”