NCA Investigates Cyberattacks on UK Retailers Linked to Scattered Spider

The hacker group referred to as Scattered Spider is a major focus in criminal investigations concerning cyberattacks against UK retailers, including Marks & Spencer, according to detectives.

Scattered Spider, a loosely organized collective of native English-speaking cybercriminals, has been strongly associated with hacking incidents involving M&S, cooperatives, and Harrods. M&S announced on Wednesday that it anticipates a financial impact of approximately £300 million following the recent system breach.

The UK’s National Crime Agency, tasked with combating cybercrime, stated that investigating this group is a priority.

“We are aware of groups publicly identified as Scattered Spiders, yet we maintain various theories as we pursue the evidence to identify the perpetrator,” I informed the BBC.

He added: “Given the extent of the damage we’re witnessing, apprehending the individual responsible for these attacks is our foremost objective.”

Last week, Google informed the Guardian that UK-based members of Scattered Spider were actively “promoting” cyberattacks and warned the US that efforts to infiltrate UK retailers’ systems were being mirrored in the US.

Targeting specific industries and locations is a common strategy among the Scattered Spider community, who utilize platforms like Discord and Telegram for communication.

The hackers behind the M&S attack deployed ransomware, malicious software that encrypts targeted files. This type of cybercrime is typically associated with Russian-speaking gangs, rather than native English speakers from the UK or the US.

“We are aware that Scattered Spiders predominantly communicate in English, but this does not necessarily imply that they are located in the UK. They engage in online discussions across a variety of platforms and channels.”

Reportedly, these hackers used ransomware known as DragonForce in their operations. It functions as ransomware-as-a-service, in which one group leverages another group’s malware and infrastructure and the financial gains from attacks are distributed between them. Ransomware attackers generally request payment in cryptocurrency to unlock encrypted files and return stolen data.


Insights into the suspected Scattered Spider members can be found in a report from the US Department of Justice, which charged five individuals last year for targeting an unnamed American company through a “phishing” text message.

All defendants were in their twenties at the time of the allegations, with ages ranging from 20 to 25. Among them was Tyler Buchanan, 23, hailing from Scotland, who was extradited from Spain to the US.

Google also mentioned that “younger members” of the network often carry out various tasks, such as calling the company’s IT help desk or impersonating employees or contractors to gain access to computer systems. A former teenage hacker cited by the BBC remarked that it “would not surprise me” if a teenage hacker was behind a retail attack.

Source: www.theguardian.com

How “Native English” Scattered Spider Groups Are Connected to M&S Attacks

One significant distinction between certain members of the Scattered Spider hacking community and their ransomware counterparts is their accent.

Scattered Spider is connected to the cyberattacks on the British retailer Marks & Spencer. Unlike typical ransomware attackers, the individuals involved seem to be native English speakers, rather than hailing from Russia or former Soviet nations.

This linguistic advantage supports one of their techniques, which Russian hackers may find difficult to emulate. They can infiltrate systems by calling company IT desks and impersonating employees, or by contacting employees while posing as someone from their company’s IT desk.

“Being a native English speaker can foster immediate trust. Even internal staff and IT teams may let their guard down slightly due to perceived familiarity,”

Last November, the U.S. Department of Justice shed light on some suspected Scattered Spider members by charging five individuals for targeting an unidentified American firm through a phishing text message.

The DOJ alleged that the accused sent fraudulent texts to employees, tricking them into divulging sensitive information, including company logins. This breach resulted in the theft of sensitive data, including intellectual property, and significant sums of cryptocurrency from digital wallets.

All the accused were in their 20s at the time of the allegations, with four of them aged between 20 and 25. They include Tyler Buchanan, 23, from Scotland, who was extradited from Spain to the U.S. last week. He is set to appear in court in Los Angeles on May 12th.

The U.S. Cybersecurity Agency detailed the Scattered Spider IT desk strategy in an advisory released in 2023.

Notable ransomware victims of Scattered Spider attacks include casino operators MGM Resorts and Caesars Entertainment, which were targeted in 2023. Following the attacks, the West Midlands police arrested a 17-year-old in Walsall last year. They have been contacted for further updates on this incident.

Scattered Spider was identified as responsible for the M&S breach by BleepingComputer, a high-tech news platform. The report indicated that the attackers employed malicious software known as DragonForce to compromise parts of the retailer’s IT network.

These incidents are categorized as ransomware attacks because the attackers typically demand substantial payments in cryptocurrency to restore access to compromised systems. Leveraging ransomware from other gangs is a common occurrence, known as the ransomware-as-a-service model.

Analysts from cybersecurity firm Recorded Future remarked that “Scattered Spider” is more of an “umbrella term” than a specific group of financially motivated cybercriminals. They noted it stemmed from “The Com” rather than “monolithic entities,” and is engaged in various criminal activities, including sextortion, cyberstalking, and payment card fraud.


“We operate within a channel and affiliate marketing framework, primarily on platforms like Discord and Telegram, mostly in exclusive invitation-only channels and groups,” stated the analyst.

Ciaran Martin, former head of the UK’s National Cyber Security Centre, remarked that Scattered Spider is “unusual” given its non-Russian origins.

Martin, now a professor at the Blavatnik School of Government at Oxford University, added: “The vast majority of ransomware groups originate from Russia. [Scattered Spider] seems to have utilized Russian code for this attack with Dragonforce, but notably, they appear to be based here and in the U.S., which may facilitate their arrest.”

Martin further emphasized that the youthful infamy of Scattered Spider should not diminish the threat it poses. “They are indeed a rare but quietly menacing group,” he noted.

Source: www.theguardian.com