'Scattered Spider' behind Marks & Spencer cyberattack: Who are they?
The attack has caused widespread disruptions

Apr 29, 2025
03:10 pm

What's the story

UK retail giant Marks & Spencer (M&S) is facing a major cyberattack, carried out by hacking group Scattered Spider, BleepingComputer has reported. Scattered Spider is notorious for leveraging social engineering attacks, phishing, multi-factor authentication (MFA) bombing, and SIM swapping to gain network access to large organizations. Its latest attack has caused widespread disruptions, including problems with M&S's contactless payment system and online ordering. Amid the fallout of the incident, around 200 warehouse employees have been asked to stay at home.

Process

How did the attack take place?

Reportedly, the cyberattack on M&S is a ransomware incident that has encrypted the company's servers. The hackers are believed to have first infiltrated M&S's systems in February, when they allegedly stole the NTDS.dit file from the Windows domain. The file is critical as it serves as the primary database for Active Directory Services running on a Windows domain controller, and holds password hashes for Windows accounts.

Results

What did investigation reveal?

The ongoing investigation into the cyberattack on M&S has revealed Scattered Spider as the potential perpetrator. The group, also known as 0ktapus, Starfraud, UNC3944, Scatter Swine, Octo Tempest, and Muddled Libra, is famous for its expertise in social engineering attacks and phishing. It has been connected to several high-profile attacks, including a breach at MGM Resorts in which its members used social engineering to impersonate an employee in a call to the company's IT help desk.

Damage control

M&S enlists help from tech giants

In the wake of the cyberattack, M&S has enlisted the help of tech giants including CrowdStrike, Microsoft, and Fenix24. The investigation thus far indicates that the hacking group Scattered Spider, also tracked as Octo Tempest, is responsible for this attack. However, when contacted for comment on these findings, M&S declined to offer more details about the incident.

Profile

A look at the gang

The Scattered Spider group consists of young English-speaking members with varying skills who frequently use hacker forums, Telegram channels, and Discord servers to plan and execute attacks in real time. Over the last two years, law enforcement has increasingly targeted the group, with arrests in the US, the UK, and Spain.