The cyber incident affecting major UK retailer Marks & Spencer (M&S) has been linked to a ransomware attack by the notorious Scattered Spider hacking group.
Last week, M&S disclosed a cyber incident that led to systems being taken offline. Just days later, it disabled all online sales through its app and website.
Now, multiple sources speaking to tech and cyber publication BleepingComputer have said that a ransomware attack is to blame for the “cyber incident” and that M&S’ systems were encrypted as a result.
According to the report, M&S engaged Microsoft, CrowdStrike and Fenix24 for an investigation into the breach, which has so far concluded that Scattered Spider was behind the incident.
Scattered Spider, or Octo Tempest as Microsoft calls them, is a hacking group largely made up of teenagers and young adults believed to be based in the UK and the US.
Threat actors reportedly gained initial access in February when they exfiltrated the Windows domain’s NTDS.dit file, allowing them to gain access to credentials and move laterally throughout the retailer’s systems.
Additionally, BleepingComputer was told that the threat actors encrypted virtual machines on 24 April after deploying the DragonForce ransomware on VMware ESXi hosts.
M&S was unable to comment on the matter when contacted by the publication, nor have any threat actors claimed responsibility for the incident.
The UK retailer said it does not have a time frame for when the issues will be resolved but that it is currently investigating. According to reports, all 1,049 M&S stores in the UK have been affected.
Despite the severity of the incident, M&S has said that customers don’t need to do anything at this stage.
“Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping,” it said in a statement.
However, as highlighted by CyberNews and Closed Door Security CEO William Wright, customers should be wary of phishing scams and other cyber criminal activity that could follow in the fallout.
“We don’t know if criminals have accessed any customer data, but it’s always safer to be on guard … and treat all communications with caution,” said Wright.
In a post on X, one customer said they received a scam call using card details that they had used with M&S in the past.
“Yesterday I received a NoCallerID who wanted to scam me using my name and last 4 digits of my credit card. I hung up and wasn’t scammed. However, I tried to return an online order to M&S and their staff said systems were down. Now there’s an admission of a cyber attack,” said the customer.
“It transpires the card I paid M&S with is the one the scammers used against me. The scammer wanted access to my phone and wanted me to read a 6 digit code back to him. This would have given him access to all info on my phone. I hung up and called my bank myself. Be alert!”