US stores the next target for UK retailer hackers, says Google

Google has said that retailers in the United States are next in the firing line following the wave of cyber attacks on UK retailers.

The US tech giant has said that the hackers behind the cyber attacks on Marks & Spencer (M&S), Co-op and Harrods are now taking aim at similar organisations in the US.

“US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said Google cyber security analyst John Hultquist.

You’re out of free articles for this month

Username or Email

Password Forgot password?

Keep me signed in on this device.

First Name

Last Name

Mobile

Organisation Type

By becoming a member, I agree to receive information and promotional messages from Cyber Daily. I can opt out of these communications at any time. For more information, please visit our Privacy Statement.

Need help signing up? Visit the Help Centre.

Google has concluded that the threat actor in question is a group linked to the Scattered Spider hacking collective, which Microsoft, CrowdStrike and Fenix24 concluded was behind the cyber incidents during an investigation for M&S.

However, the general consensus is that the DragonForce ransomware gang is behind all three retailer attacks, having claimed all three and industry analysts making the same conclusion.

According to reports by the BBC, all three incidents have been claimed by the DragonForce ransomware gang, a claim that is backed by signs of their malware and more. Additionally, US cyber firm SentinelOne has also attributed the incidents to DragonForce.

“The DragonForce ransomware group has been targeting UK retailers in a series of coordinated attacks causing major service disruptions,” said Sentinel One.

VIEW ALL

“Prominent retailers such as Harrods, Marks & Spencer, and the Co-op have all reported ongoing incidents affecting payment systems, inventory, payroll and other critical business functions.”

What the M&S investigation did note is that the Scattered Spider hackers, who they believed to be behind the attacks, used DragonForce ransomware for the attacks, and that there is a relationship between the two groups.

This may suggest that DragonForce is behind the incident, or that Scattered Spider is part of DragonForce’s new “partner” program, which is similar to ransomware-as-a-service (RaaS) affiliate programs where affiliates use the infrastructure, but instead the partner uses their own branding, identity and operations.

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

You need to be a member to post comments. Become a member for free today!

newsletter

Be the first to hear the latest developments in the cyber industry.

US stores the next target for UK retailer hackers, says Google

Daniel Croft

OUR PLATFORMS AND BRANDS

EVENTS AND SUMMITS

PODCASTS

LEARNING AND EDUCATION

MOMENTUM MARKETS NETWORK

LINKS

STAY CONNECTED