
Major British retailers Marks & Spencer and the Co-op have fallen victim to a wave of cyberattacks carried out by a group of hackers believed to be linked to the Scattered Spider network. According to cybersecurity sources, the attackers used advanced “social engineering” tactics, tricking IT help desks into resetting employee passwords, effectively opening the door to sensitive company systems.
As reported by BleepingComputer and confirmed by industry insiders, hackers impersonated legitimate staff members to bypass authentication protocols, gaining access to administrative accounts that allowed them to infiltrate the networks of both M&S and the Co-op. The method, which included impersonation and “SIM swapping” to hijack phone numbers, enabled attackers to receive authentication codes and reset passwords undetected.
In response to the breach, the UK’s National Cyber Security Centre (NCSC), part of GCHQ, has issued urgent new guidance to organizations, warning that incidents like these are “becoming more and more common.” In a blog post, Jonathon Ellison, NCSC’s national resilience director, and chief technology officer Ollie Whitehouse emphasized that all businesses — regardless of size — must prepare for the growing threat of cybercrime.
The Times UK reports that the NCSC has urged companies to re-examine their password reset procedures, especially for admin-level accounts, which were the apparent targets in these attacks. “Preparation and resilience does not mean just having good defences,” the NCSC wrote. “It also means being able to detect when attackers are using legitimate access, contain the threat, and recover quickly.”
The fallout from the attacks has been significant. M&S experienced product shortages in stores and was forced to suspend some online orders, including via its Ocado partnership. Co-op’s systems were less severely impacted, though the company confirmed hackers accessed member names and contact details. Contradicting this, the BBC reported that employee usernames and passwords were also compromised.
Experts warn that the road to full recovery could be long. While M&S confirmed that it retains access to back-up data — which can sometimes be encrypted by attackers — cybersecurity professionals say the process of cleansing systems, verifying data integrity, and rebuilding networks could take months.
Paul Cashmore, chief of Solace Cyber, noted: “If they’ve got to rebuild all of those systems, it’s going to take a long time. Every point of sale, every internet-connected supply chain has to be verified to ensure the threat has been eradicated.”
The Scattered Spider group, believed to be behind the breaches, is a loosely affiliated network of young hackers primarily based in the UK and US. They specialize in gaining initial access to networks before handing them off to ransomware operators. One of their alleged leaders, 23-year-old Tyler Buchanan from Dundee, has been arrested and extradited to the US on charges of hacking into dozens of companies. His father told the Daily Mail that his son had always been a “computer whizz” but denied any involvement in criminal activity.
Cybersecurity firms SentinelOne and Secureworks have linked Scattered Spider to DragonForce, a pro-Palestinian “hacktivist”-turned-ransomware cartel originating from Malaysia. DragonForce, which emerged in 2023, offers hacking tools and services on the dark web and claims to have successfully targeted over 130 victims. It profits by supporting and taking a share of ransoms from affiliated hacking groups.
The incidents highlight the growing threat posed by cybercrime to critical sectors of the UK economy. As attacks become more targeted and deceptive, experts say companies must combine technical defences with staff training and proactive incident response strategies. The Times UK notes that government agencies and businesses alike are now reassessing the resilience of their IT infrastructure in light of this latest wave of breaches.