Google has warned that the hackers using Scattered Spider tactics against retail chains in the UK have now started targeting retailers in the US in ransomware and extortion operations
More details here: https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/
But here’s the TL:DR:
“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Chief Analyst at Google Threat Intelligence Group, told BleepingComputer.
“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.”
Martin Jartelius, CISO at cybersecurity company Outpost24, commented:
“Well, there is often a geographic element to campaigns, of course, but the difference between cyber and regular crime is that you have billions of neighbors on the internet.
A transition from one primarily English-speaking region to another is less adaption of scripts and makes good sense. Social engineering is related to marketing in that it aims to entice a desired behavior in another individual, which requires both a well-tailored script and an element of culture suited for those you target for it to work out. We see this in smaller fraud as well, where a method is reused, and in those cases scripts, that is ways of working the social engineering, is even sold between criminals.”
Hopefully US retailers are paying attention as UK retailers have been pwned in epic fashion over the last couple of weeks. Which in turn caused some amount of chaos. Thus I would not like to see history repeat itself in the US.
Like this:
Like Loading...
Related
This entry was posted on May 15, 2025 at 3:07 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
US Retailers Now Targeted by Hackers Behind UK Retail Attacks
Google has warned that the hackers using Scattered Spider tactics against retail chains in the UK have now started targeting retailers in the US in ransomware and extortion operations
More details here: https://www.bleepingcomputer.com/news/security/google-scattered-spider-switches-targets-to-us-retail-chains/
But here’s the TL:DR:
“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” John Hultquist, Chief Analyst at Google Threat Intelligence Group, told BleepingComputer.
“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note.”
Martin Jartelius, CISO at cybersecurity company Outpost24, commented:
“Well, there is often a geographic element to campaigns, of course, but the difference between cyber and regular crime is that you have billions of neighbors on the internet.
A transition from one primarily English-speaking region to another is less adaption of scripts and makes good sense. Social engineering is related to marketing in that it aims to entice a desired behavior in another individual, which requires both a well-tailored script and an element of culture suited for those you target for it to work out. We see this in smaller fraud as well, where a method is reused, and in those cases scripts, that is ways of working the social engineering, is even sold between criminals.”
Hopefully US retailers are paying attention as UK retailers have been pwned in epic fashion over the last couple of weeks. Which in turn caused some amount of chaos. Thus I would not like to see history repeat itself in the US.
Share this:
Like this:
Related
This entry was posted on May 15, 2025 at 3:07 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.