
Google has issued a warning to US retailers about a cybersecurity threat from hackers employing tactics similar to the Scattered Spider group, which previously targeted the UK retail sector. This group, suspected to be an organisation named UNC3944, is known for conducting ransomware and extortion campaigns.
“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” Google Threat Intelligence Group chief analyst John Hultquist told BleepingComputer. “The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.”
UK retail sector: A precedent for US concerns
In the UK, several prominent retailers, such as Marks & Spencer (M&S) and Co-op, have already suffered from similar attacks. M&S was the first to report a breach, where threat actors encrypted virtual machines on VMware ESXi hosts using a DragonForce encryptor. This attack led to the theft of customer data and necessitated mandatory password resets for all online accounts.
Co-op also faced a cyber incident, confirming data theft affecting many current and former members. Yesterday, the company reported that its systems are back to normal, with improved stock availability and fully operational payment methods.
“Following the malicious third-party cyber-attack, we took early and decisive action to restrict access to our systems in order to protect our Co-op,” a spokesperson for Co-op said in a statement. “We are now in the recovery phase and are taking steps to bring our systems gradually back online in a safe and controlled manner.”
Harrods, another major UK retailer, also disclosed recently that it had to restrict internet access after attackers attempted to infiltrate its network.
The DragonForce ransomware operation has claimed responsibility for these attacks. BleepingComputer reported that the attackers used social engineering tactics linked to Scattered Spider. Despite often being described as a cohesive gang, Scattered Spider is a loosely knit group of threat actors, which makes its activities challenging to track.
Earlier this month, the UK National Cyber Security Centre (NCSC) issued guidance to help UK organisations in the wake of these attacks. Key recommendations included implementing multi-factor authentication, enhancing monitoring for unauthorised account use, and scrutinising ‘risky logins’, among others.
Meanwhile, French luxury fashion brand House of Dior also disclosed a cybersecurity incident affecting its Fashion and Accessories customers. Dior confirmed that the incident exposed customer information, although they assured that account passwords and payment card information were stored in a separate, unaffected database.