Scattered Spider Hacking Group Is Behind The Attack On M&S

Uploaded on 2025-04-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

The chaotic problems at British retail giant Marks & Spencer (M&S) are being caused by a ransomware attack believed to be conducted by threat actors known as Scattered Spider.  M&S is a British multinational retailer that employs 64,000 employees and sells various products, including clothing, food, and home goods in over 1,400 stores worldwide. 

The retailer is dealing with some major issues, with empty shelves not replenished and delays to its online shopping services.

Scattered Spider is known for its ability to target large multisite companies and breaching their data. Since the attack commenced last weekend M&S has lost more than £700 million, wiped off its stock market valuation.

Shoppers are still able to browse online and shop in M&S’s physical stores using cash or cards, but some major problems continue in stores, with gift cards not currently being accepted. Returning goods is only possible in clothing and homeware stores or via post. Food stores are not currently able to accept returns.

Scattered Spider, also known as 0ktapus, Starfraud, Scatter Swine and Muddled Libra is a classification of threat actors that are adept at using social engineering attacks, phishing, multi-factor authentication (MFA) bombing (targeted MFA fatigue), and SIM swapping to gain initial network access on large organisations.

Scattered Spider members have typically engaged in data theft for extortion and have been known to use BlackCat ransomware.

This hacking group includes young members as young as 16 and is based in the UK and US, with a range of skills and the group began hacking in financial fraud and social media but now steals crypto-currency and hacks company data in extortion attacks. Some Scattered Spider members are thought to be part of The Comm, a group involved in high-profile cyber incidents and they use of different individuals for each attack make them difficult to track.

One of Scattered Spider's biggest exploits was at the gaming giant MGM Resorts International in September 2023, when guests reported difficulty accessing rooms and using casino games. MGM operates over 30 hotel and gaming venues around the world was alerted to a potential hack when Scattered Spider ibrought MGM systems to a halt after they gained access to the company's management systems and were able deploy ransomware.

MGM confirmed that In that exploit, some customers personal data was stolen, including names, dates of birth and driving license numbers. In some cases, social security numbers and passport numbers were also involved. 

It is not known to what the extent of the attack on M&S might have compromised customer data and, if it has, there  is a legal requirement for affected organisation to report this to the UK Information Commissioner's Office (ICO) under the 2018 UK Data Protection Act.

ITV   |   Bleeping Computer   |   Drapers   |   The Times   |  Guardian  |   BBC 

Image: Ideogram

You Might Also Read:

Major German Shopping Site Leaked Customer Data:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 






 

« Five Top-Rated Threat Intelligence Platforms

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

Security Research Labs (SRLabs)

Security Research Labs (SRLabs)

Security Research Labs is a Berlin-based hacking research collective and consulting think tank.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

CyberGreen Institute

CyberGreen Institute

The CyberGreen Institute is a global non-profit and collaborative organization conducting activities focused on helping to improve the health of the global Cyber Ecosystem.

GB Group (GBG)

GB Group (GBG)

GBG is a global technology specialist in fraud, location and identity data intelligence.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

Enso Security

Enso Security

Enso is the first Application Security Posture Management (ASPM) solution, helping security teams everywhere eliminate their AppSec chaos with application discovery, classification and management.

Quantum Armor

Quantum Armor

Quantum Armor is a next-gen cyber security monitoring platform that allows you to continuously stay aware of your security posture, and proactively spot trends, vulnerabilities and potential attacks.

Senteon

Senteon

Senteon is a turnkey cybersecurity platform designed to make securing confidential data affordable, understandable, and streamlined for small-to-mid sized businesses and MSPs.

Tuta

Tuta

Tuta (formerly Tutanota) is an all-in-one email, calendar and contacts app which protects your data with full end-to-end encryption and it requires zero personal information.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Excite Cyber

Excite Cyber

Excite Technology Services (formerly Cipherpoint) is focused on improving the security posture of our customers.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc

Interlynk

Interlynk

Interlynk's #SBOM and # VEX-powered platform automates and continuously monitors first-party and vendor software supply chains and helps meet #FDA, #CRA, #GSA, and #DoD compliance obligations.

Hydden

Hydden

Hydden gives security teams the ability to create a solid foundation to build a truly next-gen identity security practice by bridging the gaps between siloed teams and technologies.

Rite-Solutions

Rite-Solutions

Rite-Solutions is an award-winning software development, systems engineering, and information technology firm.