Alphabet’s Google warned on Wednesday that hackers responsible for paralyzing disruptions of UK retailers are turning their attention to similar companies in the United States.
“US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” John Hultquist, an analyst at Google’s cybersecurity arm, said in an email sent on Wednesday.
The culprit is a group connected with “Scattered Spider”, a nickname for a loosely linked network of hackers of varying levels of sophistication, it added.
Scattered Spider is widely reported to have been behind the particularly disruptive hack at M&S, one of the best-known names in British business, whose online operations have been frozen since 25 April. It has a history of focusing on a single sector at a time and is likely to target retail for a while longer, Hultquist said.
Just a day before Google’s warning, M&S announced that some customer data had been accessed, but this did not include usable payment or card details, or any account passwords. The Guardian understands the details taken are names, addresses and order histories. M&S said personal information had been accessed because of the “sophisticated nature of the incident”.
“Today, we are writing to customers informing them that due to the sophisticated nature of the incident, some of their personal customer data has been taken,” the company said.
Hackers from the Scattered Spider ecosystem have been behind a slew of disruptive break-ins on both sides of the Atlantic. In 2023, hackers tied to the group made headlines for hacking the casino operators MGM Resorts International and Caesars Entertainment.
Law enforcement has struggled to get a handle on the Scattered Spider hacking groups, in part because of their amorphousness, the hackers’ youth, and a lack of cooperation from cybercrime victims.
