After paralyzing the online operations of UK retail giant Marks & Spencer, the notorious hacking group known as Scattered Spider is now setting its sights on U.S. retailers. Google’s cybersecurity team has issued a stark warning, urging American companies to bolster their defenses against what experts describe as a highly adaptive and persistent threat group.
From London to Las Vegas: A Cybercrime Pattern Emerges
In a chilling development for the global retail sector, Google’s cybersecurity division has identified ongoing activity from a notoriously aggressive hacking group linked to Scattered Spider, warning that U.S. retailers are next in line for targeted attacks.
The alert follows a crippling cyberattack on Marks & Spencer (M&S), one of the UK’s most iconic retailers, whose online operations have remained frozen since April 25. Google’s threat intelligence analyst John Hultquist noted that the attackers have a track record of targeting specific industries in waves.
“These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” Hultquist warned in an internal communication shared Wednesday.
The attack on M&S is believed to have led to a data breach involving customer names, addresses, and order histories—though the company confirmed no passwords or payment data were compromised.
Who Are Scattered Spider?
Scattered Spider, often described as a loosely connected network of threat actors, has gained notoriety for high-profile attacks in both the UK and U.S. Known for their adaptive strategies and sector-focused campaigns, the group made headlines in 2023 for breaching MGM Resorts International and Caesars Entertainment, causing major service disruptions and data leaks.
What sets Scattered Spider apart is its decentralized structure, with members often working semi-independently and displaying a range of technical skill levels. Cybersecurity analysts believe many of the group’s operatives are young, English-speaking hackers, often based in Western countries, making them harder to trace and prosecute than conventional ransomware gangs.
Law enforcement agencies on both sides of the Atlantic have acknowledged the challenge in tackling such a shapeless and agile ecosystem, especially when victim organizations hesitate to share breach details due to reputational risk.
A Wake-Up Call for U.S. Retail Sector
The breach at M&S has exposed not only systemic cybersecurity vulnerabilities in the retail sector but also the high reputational and operational costs of delayed or inadequate response. Despite sophisticated defense systems, the hackers reportedly leveraged social engineering, credential phishing, and insider tactics to infiltrate retail networks.
As M&S deals with the fallout, including customer notification and forensic review, U.S. companies have been urged to take immediate steps to harden their cyber infrastructure.
“This is a critical moment for American retailers to reassess their risk models,” said Hultquist. “Scattered Spider is opportunistic, and their move from hospitality to retail indicates their next play is already in motion.”
Companies are advised to:
- Enhance multi-factor authentication and employee cybersecurity training
- Monitor for lateral movement and privilege escalation
- Increase threat intelligence sharing with peers and public-sector partners