The UK National Crime Agency (NCA) announced on Thursday that four people have been arrested in connection with a cyberattack targeting major retailers Marks & Spencer, the cooperative and Harrods.
Individuals arrested include two 19-year-old men, three 17-year-olds and a 20-year-old woman. They were arrested in the West Midlands and London on suspicion of violation of computer misuse laws, fearful mail, money laundering, and participation in the activities of organized crime groups.
All four suspects were arrested from their homes and electronic devices were seized for forensic analysis. Their names have not been revealed.
“Since these attacks were carried out, specialist NCA cybercrime investigators have worked at PACE, and investigations remain one of the agency’s highest priorities,” Paul Foster, deputy director of the NCA’s national cybercrime division, said in a statement.
“While today’s arrests are an important step in that investigation, our work continues, along with our UK and overseas partners, to ensure that the responsible person is identified and brought to justice.”
According to the Cyber Monitoring Centre (CMC), the April 2025 cyberattack targeting Mark & Spencer and cooperatives was categorized as a “single total cyber event” with financial impacts of £270 million ($363 million) to £440 million ($592 million).
The NCA has not named some “organized crime groups” by individuals, but it is believed that some of these attacks are being carried out by decentralized cybercriminals called scattered spiders.
On July 8th, at the Business and Trade Subcommittee on Economic Security, Arms Export Control Committee hearings in the UK Parliament, Marks & Spencer said the attack on the system was ransomware related and was carried out by the Dragonforce ransomware group and collaborated with other “slowly aligned” actors.
“Ransomware is an ever-present threat, but scattered spiders represent persistent, capable enemies that have historically been effective even for organizations with mature security programs,” Grayson North, senior security consultant at GuidePoint Security, told Hacker News.
“The success of scattered spiders is not the result of new or novel tactics, but rather a desire to be extremely persistent in trying to gain social engineering expertise and early access to your target.”
The majority of individuals associated with financially driven groups are young native English speakers, who give them an advantage when trying to gain trust with their target by helping desks pose as employees.
Scattered spiders are part of COM, a larger loose knit group that handles a wide range of crimes, including social engineering, phishing, sim swapping, terror, six minutes ago, swatting, tricks, murder, and more.
“Scattered spiders rotate across industries and regions based on visibility, payment possibilities, and operational heat, and demonstrate calculated opportunistic targeting strategies,” Halcyon noted.
Mandiant, owned by Google, says that scattered spiders are in the habit of focusing on a single sector at once, maintaining consistent core tactics, techniques and procedures (TTP). This includes setting up a phishing domain designed to closely mimic the legal corporate login portal and trick employees into revealing their credentials.
“This means that organizations can train help desk staff to implement a robust identity verification process and take proactive measures, such as deploying phishing-resistant MFAs to prevent these intrusions.”
Karmakar also calls the arrest of scattered spider members a “significant victory” in the fight against the electronic crime syndicate, and adding action demonstrates the importance of international cooperation in tackling such threats.
“Their aggressive social engineering tactics and relentless pursuit of access have proven to be particularly challenging for many defenders, causing major damage to the UK and US organizations,” Karmakal added. “Previous arrests have affected their operations and have caused significant lulls in their activities, a key window into which organizations can strengthen their defenses against this group.”
Source link
