
Police investigation into UK retail hacks focuses on English-speaking youths


Joe Tidy

Cyber correspondent, BBC World Service


Detectives investigating cyber attacks on UK retailers are focussing on a notorious cluster of cyber criminals known to be young English-speakers, some of them teenagers, police have revealed.

For weeks speculation has mounted that disruptive attacks on M&S, Co-op, Harrods and some US retailers could be the work of a hacking community called Scattered Spider.

Speaking about the hacks for the first time, the National Crime Agency (NCA) has told BBC News the group is a key part of its ongoing investigation to find the culprits.

“We are looking at the group that is publicly known as Scattered Spider, but we’ve got a range of different hypotheses and we’ll follow the evidence to get to the offenders,” Paul Foster, head of the NCA’s national cyber crime unit, said in a new BBC documentary.

“In light of all the damage that we’re seeing, catching whoever is behind these attacks is our top priority,” he added.

The wave of attacks, which began at Easter, has resulted in empty shelves in stores, the suspension of online ordering, and millions of people’s private data being stolen.

The attacks have been carried out using DragonForce, a platform that gives criminals the tools to carry out ransomware attacks. However, the hackers pulling the strings have still not been identified and no arrests have been made.


Paul Foster, who leads the NCA’s National Cyber Security Centre

Some cyber experts say the hackers display the traits of Scattered Spider, a loose community of often young individuals who organise across sites like Discord, Telegram and in forums, most likely located in the UK and US.


Although the NCA says it is exploring all parts of the cyber crime ecosystem, it too is looking in the same direction.

“We know that Scattered Spider are largely English-speaking but that doesn’t necessarily mean that they’re in the UK – we know that they communicate online amongst themselves in a range of different platforms and channels, which is, I guess, key to their ability to then be able to operate as a collective,” Mr Foster said.

M&S has been hit with ransomware, which has scrambled the company’s servers, rendering computer systems useless. The high street giant is still struggling to keep shelves stocked and has halted online shopping for weeks. Hackers have also stolen customer and employee data from the company.

At Co-op, staff took systems offline to prevent a ransomware infection but a huge amount of customer and staff data was stolen and is being held to ransom. Operations at the firm’s supermarkets, insurance offices and funeral services have been badly affected.

It is not known what is happening at Harrods but the company admitted it had to pull computer systems offline because of an attempted cyber attack.

When the hackers behind the M&S and Co-op attacks anonymously contacted the BBC last week, they declined to say whether or not they were Scattered Spider.

‘Tools readily available’

Cyber security researchers at CrowdStrike formed the name “Scattered Spider” because of the group’s sporadic nature, but other cyber companies have given the cluster nicknames including Octo Tempest and Muddled Libra.

The group was also linked to high-profile attacks including on two US casinos in 2023 and Transport for London last year.


In November, the US charged five British and American men and boys in their twenties and teens for alleged Scattered Spider activity. One is 23-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US-based.

NCA investigators will not say how the hackers have managed to breach victim organisations but earlier this month, the National Cyber Security Centre issued guidance to organisations urging them to review their IT help desk password reset processes.

“Calling up IT help desks is a tactic that Scattered Spider seems to favour and they use social engineering techniques to manipulate someone into doing something like clicking on a link or resetting someone’s account to a password they can use,” Lisa Forte from cyber security firm Red Goat said.

In the BBC documentary, a former teen hacker who was arrested nine years ago and now works in cyber security, said he was not surprised that teenagers could be behind the hacks.

“It wouldn’t surprise me – quite [the] opposite. The tools are readily available and it’s very easy to jump online and search straight away. You can feel a bit untouchable but for what end? You’re gonna be arrested 99% of the time,” he said.
