Scattered Spider hackers in UK are ‘facilitating’ cyber-attacks, says Google

TruthLens AI Suggested Headline:

"Google Reports UK-Based Scattered Spider Hackers Targeting Retailers in US"

AI Analysis Average Score: 8.0
These scores (0-10 scale) are generated by Truthlens AI's analysis, assessing the article's objectivity, accuracy, and transparency. Higher scores indicate better alignment with journalistic standards.

TruthLens AI Summary

The Scattered Spider hacking group, based in the UK, has been implicated in a series of cyber-attacks targeting major retailers such as Marks & Spencer, the Co-op, and Harrods. Google cybersecurity experts have reported that this group's activities are now extending to the United States, with a focus on disrupting the retail sector. Charles Carmakal, the chief technology officer at Google's Mandiant cybersecurity unit, noted that Scattered Spider tends to concentrate on a specific industry for a few weeks before shifting its focus. He emphasized that while he could not disclose the identities of all victims, UK members are significantly involved in facilitating these intrusions against both UK and US retailers, highlighting a concerning pattern of escalating cyber threats across borders.

The National Cyber Security Agency (NCSA) in the UK has issued warnings to businesses, urging them to scrutinize their IT help desk operations, particularly in how they handle password resets. Scattered Spider is known for employing social engineering tactics, such as impersonating employees during phone calls to gain unauthorized access to company systems. Carmakal explained that some of these calls are made by younger members of the community, who often utilize platforms like Telegram and Discord to coordinate their efforts. This method of operation is relatively unique compared to traditional ransomware groups, which are often associated with non-English speaking countries. As the threat landscape evolves, US retailers are advised to remain vigilant, as Google analysts predict continued targeting by Scattered Spider in the near future, particularly in the retail sector.

TruthLens AI Analysis

The article highlights the serious threat posed by the Scattered Spider hacking group, particularly focusing on their activities in the UK and the expansion of their attacks to the US. This information serves to raise awareness about cybersecurity risks, especially for retail organizations, and underscores the need for vigilance among businesses.

Threat Perception and Public Awareness

By emphasizing the ongoing cyber-attacks, the article aims to create a sense of urgency and alertness among companies and the public. The mention of well-known retailers like Marks & Spencer and Harrods adds weight to the narrative, making the threat feel more tangible and immediate. The statement from Google's chief technology officer reinforces the credibility of the warning, as it comes from a recognized leader in cybersecurity.

Potential Omissions and Hidden Agendas

While the article effectively informs readers about the hacking risks, it may also divert attention from broader systemic issues related to cybersecurity. By focusing on specific hacking groups, it could downplay the responsibility of companies to maintain robust cybersecurity measures. Additionally, the article does not delve into the motivations behind such attacks or the potential for state-sponsored hacking, which could provide a more nuanced understanding of the threat landscape.

Credibility of the Information

The information presented appears credible, given the involvement of Google’s cybersecurity experts and the acknowledgment from the UK’s National Cyber Security Agency. However, the article lacks specific details about the extent of the attacks and the exact nature of the vulnerabilities exploited by Scattered Spider, which could leave readers wanting more comprehensive insights.

Comparative Context

In the context of other reports on cybersecurity threats, this article fits into a larger narrative concerning the increasing frequency and sophistication of cyber-attacks globally. However, it does not explicitly connect with recent incidents or similar groups, which could have provided a more extensive picture of the current threat environment.

Impact on Society and Economy

The repercussions of such cyber threats are significant, potentially leading to financial losses for affected retailers, a decline in consumer trust, and broader economic implications. If retailers do not enhance their cybersecurity protocols, it may result in a chain reaction affecting supply chains and consumer behavior.

Target Audience and Community Support

This article primarily appeals to business professionals, IT security teams, and consumers who are aware of the risks of cyber threats. It seeks to engage stakeholders in the retail sector, prompting them to take preventive measures against potential intrusions.

Market Influence

News of cyber-attacks can create volatility in the stock market, particularly for companies in the retail sector. Investors may react negatively to news of breaches, impacting share prices. Retailers like Marks & Spencer may face scrutiny, affecting their market performance.

Geopolitical Considerations

This article touches on the broader implications of cybersecurity threats in the context of national security, particularly as they affect major economies like the UK and the US. In today's climate of heightened geopolitical tensions, such incidents could lead to increased governmental scrutiny and regulatory responses.

Use of AI in Reporting

The writing style appears straightforward and factual, which may suggest minimal AI involvement. However, the structure and flow resemble patterns commonly generated by AI, indicating that automated tools may have assisted in organizing the information effectively.

Overall, while the article effectively raises awareness about the Scattered Spider hacking group and the associated risks, it may also simplify the complex nature of cybersecurity threats and their implications for society. The credibility of the information is generally high, but a more thorough exploration of the issues at hand could enhance public understanding.

Unanalyzed Article Content

UK-based members of the Scattered Spider hacking community are actively “facilitating” cyber-attacks, according to Google, as disruption to British retailers spreads to the US.

A group of hackers labelled “Scattered Spider” have been linked with attacks on UK retailers Marks & Spencer, the Co-op and Harrods, with Google cybersecurity experts warning this week that unnamed retailers across the Atlantic are being targeted as well.

Charles Carmakal, the chief technology officer at Google’s Mandiant cybersecurity unit, said that the threat had moved to the US in a pattern typical of Scattered Spider assailants.

“They tend to focus on a particular industry sector and geography for a few weeks and then they move on to something else,” he said. “And right now they’re focused on retail organisations. They start in the UK, and now they’ve shifted to US organisations.”

Asked if UK members of Scattered Spider were involved in hacking M&S, he said: “Without specifically naming who the victims are I will say broadly Scattered Spider members in the UK are facilitating and contributing to intrusions.”

The targeting of retailers in the UK, and the techniques associated with Scattered Spider, have prompted the country’s cybersecurity agency to warn companies to look out for specific tactics.

In an advisory note, the National Cyber Security Agency told businesses to look at how their IT help desks help staff members reset passwords. One gambit associated with Scattered Spider – a name coined for a set of hacking tactics rather than an homogenous group – is to ring up IT help desks and pretend to be employees or contractors in order to gain access to company systems.

“What we’re seeing is they’re making telephone calls, calling up help desks, pretending to be employees and convincing helpdesks to reset passwords,” said Carmakal.

Carmakal added that the task of ringing up helpdesks was sometimes carried out by younger members of the Scattered Spider network.

“It’s not always the [threat] actors themselves … that are actually making the phone calls. They outsource some of that work to other members of the broader community, generally younger individuals that aggregate on Telegram and Discord and want to make a few hundred bucks.”

Scattered Spider is unusual among hacking groups deploying ransomware because it is composed of native English speakers from countries such as the UK, US and Canada. Carmakal said he had listened to “countless calls” that Scattered Spider hackers have made to company employees, “whether they were extorting them, or trying to convince somebody to provide credentials or harassing somebody”.

Ransomware gangs infect their targets’ computer systems with malicious software that effectively locks up their internal files, which the criminals then offer to release in exchange for a payment. Typically, these gangs are from Russia or former Soviet states.

Carmakal’s comments came as French luxury brand Dior said this week an “unauthorised external party” had accessed some customer data. The scale of the breach and the identity of the attacker remain unclear, although Paris-based Dior said no payment information had been taken.

This week Google’s cybersecurity specialists said Scattered Spider was targeting US retailers.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to … Scattered Spider,” said John Hultquist, the chief analyst at Google Threat Intelligence Group. “The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.”

Source: The Guardian