Reports say the group, said to include members as young as 16, known as Scattered Spider, is involved in the ongoing incident that hit M&S stores and online orders
A gang of teenage hackers has been linked to a devastating cyberattack on high street giant Marks & Spencer. Reports say the group, said to include members as young as 16, known as Scattered Spider, is involved in the ongoing incident.
It emerged as M&S has been forced to suspend almost all sales through its website. The move is proving hugely costly – as well as an embarrassment – given M&S generated nearly £1.3billion of sales of clothing and homewares from online in the year to March last year. The retailer had earlier temporarily halt contactless card payments at stores too.
M&S has remained tight-lipped about the source of the attack, although it is said to be working with GCHQ’s National Cyber Security Centre as well as an outside firm of experts.
However, reports have now emerged suggesting a notorious hacking gang called Scattered Spider could be involved in what is believed to be a ransomware attack. Such attacks typically happen when criminals get their way into IT systems before using a computer virus to encrypt – or lock – files and then demand money to unlock the contents. While there is no evidence at this stage with M&S, there have been concerned that stolen information could be released on the dark web.
According to the website BleedingComputer, M&S’s servers were first breached in February. However, it says those behind it then deployed a hacking too known as DragonForce on April 24.
The report says an investigation so far has thrown up the possible involvement of Scattered Spider, known to tech giant Microsoft as Octo Tempest. The group is said to include English-speaking members – some as young as 16 – who frequent the same online hacking forums. These forums are then used to carry out attacks in real time.
BleedingComputer says the group initially started in financial fraud but has evolved and has targeted corporations to try to extort money. It was linked to a cyberattack on MGM Resorts in September 2023 via its IT helpline for employees.
M&S has seen hundreds of millions wiped from its stock market value since the incident emerged. It is setback for the company after finally enjoying a recovery after years of weak performance.
A message on the M&S website says: “As part of our proactive management of a cyber incident, we have made the decision to pause taking orders via our M&S.com websites, apps and over the phone. Our product range remains available to browse online. We are truly sorry for this inconvenience. Our stores are open to welcome customers.
“We have informed customers that there is no need for them to take any action. That remains the case, and if the situation changes we will let them know. Our experienced team – supported by leading cyber experts – is working extremely hard to restart online and app shopping. We are incredibly grateful to our customers, colleagues and partners for their understanding and support.”
Nathaniel Jones, from cyber security experts Darktrace, said: “The alleged confirmation that Scattered Spider is behind the M&S attack via the DragonForce encryptor highlights the sophisticated threat this group poses to major organisations.
“From the outside looking in, it appears M&S is looking to contain any malicious activity by taking likely impacted systems offline. Unfortunately, we can see how quickly these incidents can cripple retail operations across both digital and physical channels, with the suspension of online orders showing the cascading impact on revenue streams.”
It came as some Marks & Spencer stores were left with empty shelves as the high street chain continues to be disrupted. The retailer said it has “pockets of limited availability” in some of its shops and said it is “working hard” to get availability back to normal. A spokeswoman said: “As part of our proactive management of the incident, we took a decision to take some of our systems temporarily offline. As a result, we currently have pockets of limited availability in some stores. We are working hard to get availability back to normal across the estate.”
It is understood that some packaged food deliveries from M&S to online grocery partner Ocado have also been affected by the cyber incident.