Google Warns UK Retailer Hackers Now Targeting US

Google on Thursday warned that the hacking group behind the recent cyberattacks on high-street UK retailers is now turning to US companies.

“Shields up US retailers. They’re here,” John Hultquist, chief analyst at Google Threat Intelligence Group, said on X (formerly Twitter).

Hultquist pointed to a May 7 Mandiant blog post detailing the activities of UNC3944, also known as Scattered Spider, which relies on social engineering, SIM swapping, ransomware deployment, and extortion in attacks against high-profile targets across a broad range of industries.

“We have regularly observed UNC3944 conduct waves of targeting against a specific sector, such as financial services organizations in late 2023 and food services in May 2024,” Mandiant said.

Mandiant shared its observations of Scattered Spider tactics, techniques, and procedures (TTPs) shortly after the DragonForce ransomware group claimed the attacks on UK retailers Co-op, Harrods, and Marks & Spencer (M&S). This week, M&S confirmed that customer ...