TZUTC: -0500
MSGID: 1126.consprcy@1:2320/105 2c8c8058
PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0
TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0
BBSID: CAPCITY2
CHRS: ASCII 1
Scattered Spider moves beyond the UK, places crosshairs on US companies

Date:
Thu, 15 May 2025 14:31:00 +0000

Description:
Google is warning that the UK is no longer the only target as multiple
retailers report suffering an attack.

FULL STORY

Scattered Spider, a known ransomware collective, is widening its target 
scope, no longer focusing exclusively on UK firms. This is according to
Googles Threat Intelligence Group (TIG), who told BleepingComputer that US
retailers should take note. 

"The US retail sector is currently being targeted in ransomware and extortion
operations that we suspect are linked to UNC3944, also known as Scattered
Spider," John Hultquist, Chief Analyst at Google Threat Intelligence Group,
told the publication. Hultquist added that Scattered Spider has returned 
after a long hiatus to target multiple firms. 

The group is not as tightly-knit as organizations such as LockBit or Cl0p. It
is relatively loose, and operates within a larger hacking community known as
the Com. Its members engage in all kinds of attacks, from social engineering
and SIM swapping, to ransomware. Scattered Spiders usual targets are 
financial institutions, technology firms, and entertainment/gambling
organizations. 

Names and addresses

Google is warning retailers to take note, however, Silent Push reported that
in 2025 some of Scattered Spiders victims included Chick-fil-A, Forbes,
Instacart, New York Digital Investment Group, News Corporation, Nike,
Twitter/X, Tinder, T-Mobile, and Vodafone. 

Among the retailers targeted this year, BleepingComputer singled out Marks &
Spencer, Co-op, and Harrods. In all of these attacks, the threat actors used
DragonForce - a ransomware operation that emerged in December 2023 and gained
some notoriety since then. 

In April 2025, the UK National Cyber Security Centre (NCSC) published new
guidance, helping UK firms defend against Scattered Spider better. The
organizations urged the retail sector to wake up and tighten up on security. 

"Whilst we have insights, we are not yet in a position to say if these 
attacks are linked, if this is a concerted campaign by a single actor, or
whether there is no link between them at all," the NCSC said. "We are working
with the victims and law enforcement colleagues to ascertain that." 

 Via BleepingComputer

======================================================================
Link to news story:
https://www.techradar.com/pro/security/scattered-spider-moves-beyond-the-uk-pl
aces-crosshairs-on-us-companies

$$
--- SBBSecho 3.20-Linux
 * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700
SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428
SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200
SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35
PATH: 2320/105 229/426