UK law enforcement officials confirmed on Thursday the arrest of four individuals suspected of orchestrating a sophisticated hacking campaign against major British retailers, including Marks & Spencer, Harrods, and the Co-op.
Suspects Linked to Organized Crime
The National Crime Agency (NCA) apprehended a 20-year-old woman, two 19-year-old men, and a 17-year-old youth during coordinated raids across the United Kingdom. Authorities are investigating the group for alleged involvement in hacking, blackmail, money laundering, and operating as part of an organized crime syndicate.
The Scattered Spider Connection
The investigation centers on a series of security breaches that began in April. Hackers targeted the Co-op and Marks & Spencer, leveraging techniques attributed to the notorious “Scattered Spider” collective. This group is known for utilizing advanced social engineering and impersonation tactics to manipulate corporate help desks and call centers into granting unauthorized network access.
Ransomware and Corporate Defense
According to investigators, the intruders utilized their initial access to facilitate the deployment of file-encrypting malware by the DragonForce ransomware gang. While the attackers successfully breached the networks, the full impact was mitigated by proactive corporate responses:
- Co-op: The retailer reportedly preempted the ransomware deployment by shutting down its own network infrastructure, successfully blocking the execution of the malicious software.
- Marks & Spencer: The network was compromised by DragonForce malware following the initial unauthorized entry.
- Harrods: The luxury retailer confirmed it successfully repelled the majority of the cyberattack efforts.
While the NCA has not released the names of the suspects, all four individuals remain in custody as the investigation into the retail sector breaches continues.