
The hackers behind devastating cyber attacks on Marks & Spencer and Jaguar earlier this year claim to have stolen 1 billion customer records from 39 major companies.
The group, which goes by the name Scattered Lapsus$ Hunters – an alliance of Scattered Spider, Lapsus$ and ShinyHunters – has given a deadline of 10 October for a ransom to be paid, or else the data will be released.
Companies impacted, according to the cyber criminals, include Disney, FedEx, Google, Ikea, McDonald’s, Toyota and Qantas Airways.
Data was taken from systems hosted by Salesforce, with the hackers claiming that the software giant acted with “criminal negligence” by failing to block the intrusions.
Salesforce claims that its platform has not been compromised, blaming the breaches on social engineering attacks on individual companies using its platform rather than technical vulnerabilities.
“We are aware of recent extortion attempts by threat actors, which we have investigated in partnership with external experts and authorities,” a spokesperson for the company told The Independent.
“Our findings indicate these attempts relate to past or unsubstantiated incidents, and we remain engaged with affected customers to provide support. At this time, there is no indication that the Salesforce platform has been compromised, nor is this activity related to any known vulnerability in our technology.”
Social engineering attacks involve tricking individuals within a company or organisation into revealing confidential information such as login access to computing systems.
They can involve phone calls or emails purporting to be from IT support, in which the attacker manipulates the target into divulging sensitive information.
The hacking group shared what it claimed to be samples of the stolen data on its Telegram page, having gathered it during a months-long social engineering campaign against the firms.
Google, which was one of the victims, explained the methodology of the attack in a detailed blog post in August.
“Over the past several months, [the hacking group] demonstrated repeated success in breaching networks by having its operators impersonate IT support personnel in convincing telephone-based social engineering engagements,” the post stated.
“This approach has proven particularly effective in tricking employees, often within English-speaking branches of multinational corporations, into actions that grant the attackers access or lead to the sharing of sensitive credentials, ultimately facilitating the theft of organization’s Salesforce data.”
The Scattered Spider hackers rose to prominence after a string of high-profile attacks on telecom companies in 2022, before turning their focus to other industries spanning finance, gaming, hospitality and retail.
It is estimated that they have caused hundreds of millions of pounds’ worth of damage to victims, which include M&S and Co-op in the UK.
A profile compiled by the cyber security consultancy firm S-RM described them as “a set of predominantly native English-speaking cybercriminals – some as young as 16 – who have emerged from in a set of underground hacking groups”.
The report, shared with The Independent, also noted that the group can “convince helpdesk staff to quickly reset employee accounts,” while also breaching networks by purchasing account access information from initial access brokers on the dark web.