Google on Thursday warned that the hacking group behind the current cyberattacks on high-street UK retailers is now turning to US firms.
“Shields up US retailers. They’re right here,” John Hultquist, chief analyst at Google Menace Intelligence Group, mentioned on X (previously Twitter).
Hultquist pointed to a Might 7 Mandiant weblog publish detailing the actions of UNC3944, also called Scattered Spider, which depends on social engineering, SIM swapping, ransomware deployment, and extortion in assaults towards high-profile targets throughout a broad vary of industries.
“We have now usually noticed UNC3944 conduct waves of concentrating on towards a selected sector, corresponding to monetary providers organizations in late 2023 and meals providers in Might 2024,” Mandiant mentioned.
Mandiant shared its observations of Scattered Spider ways, strategies, and procedures (TTPs) shortly after the DragonForce ransomware group claimed the assaults on UK retailers Co-op, Harrods, and Marks & Spencer (M&S). This week, M&S confirmed that buyer information was stolen within the assault.
Varied studies have attributed the assaults to the Scattered Spider extortion group, and Mandiant famous that DragonForce lately claimed management of the RansomHub ransomware-as-a-service (RaaS), and that Scattered Spider was a RansomHub affiliate in 2024.
The cybersecurity firm additionally warned that financially motivated teams, together with UNC3944, probably view retailers as enticing targets, as a result of great amount of personally identifiable data (PII) and monetary information they possess.
“Additional, these firms could also be extra prone to pay a ransom demand if a ransomware assault impacts their potential to course of monetary transactions,” Mandiant mentioned.Commercial. Scroll to proceed studying.
Final week, Google instructed SecurityWeek that it had not independently confirmed that Scattered Spider or DragonForce had been concerned within the UK retailer assaults.
Nevertheless, Hultquist now warns that ransomware and extortion operations at the moment concentrating on US retailers are probably linked to Scattered Spider. Based mostly on beforehand noticed ways, the group is prone to proceed to focus on the US retail sector for some time, he says.
On Thursday, Mandiant warned on X that Scattered Spider is counting on “superior social engineering and third-party entry” in current assaults.
Associated: In Different Information: Scattered Spider Nonetheless Lively, EncryptHub Unmasked, Rydox Extraditions
Associated: Suspected Scattered Spider Hacker Pleads Responsible
Associated: Lately Charged Scattered Spider Suspect Did Poor Job at Protecting Tracks
Associated: US Costs 5 Alleged Scattered Spider Members
