Four individuals have been arrested on suspicion of involvement in the April cyber-attacks targeting three prominent UK retailers – Marks & Spencer (M&S), Co-op and Harrods.
Law enforcement action took place on the morning of July 10, with the suspects currently in custody for questioning by the National Crime Agency’s (NCA) National Cyber Crime Unit.
All four individuals have been arrested on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organized crime group.
Two of the individuals were apprehended by law enforcement in the West Midlands – a 17-year-old British male and a 19-year-old Latvian male.
A 20-year-old British woman was apprehended in Staffordshire.
The other arrestee was a 19-year-old British man from London.
All four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis.
Paul Foster, head of the NCA’s National Cyber Crime Unit, commented: “Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”
Harrods Attack Linked to M&S and Co-op Incidents
It is the first time that authorities have publicly linked the Harrods hack to the M&S and Co-op incidents.
In June, the Cyber Monitoring Centre (CMC) assessed the M&S and Co-op attacks as a single, combined event. However, Harrods was not linked at that time due to the low level of information about the cause and impact.
During a media briefing, Foster praised M&S, Co-op and Harrods for their contributions and support into the NCA’s ongoing investigation into the attacks.
“Their engagement in this has been crucial and we’re hopeful that it signals to future victims of cybercrime attacks the importance and value of working with law enforcement,” he commented.
Scattered Spider at the Center of Retail Attacks
All three incidents, which took place within a similar timeframe, have been linked to the Scattered Spider hacking collective.
The group is believed to have used infrastructure provided by ransomware operator DragonForce to launch the attacks on the three retailers.
During evidence given to the UK Parliament on July 8, M&S chairman Archie Norman confirmed that the attack on the retailer was perpetrated by DragonForce, working in cohesion with other “loosely aligned” actors.
In June, the FBI issued an advisory warning that Scattered Spider is actively targeting airlines with ransomware and data extortion attacks.
Read now: Over 500 Scattered Spider Phishing Domains Poised to Target Multiple Industries
Click Here For The Original Source.
