Four arrests have been made in the UK as part of a National Crime Agency investigation into major cyberattacks on M&S, Co-op and Harrods.
The arrests come after a torrid few months for retailers in the UK as M&S was hit by a major cyberattack in April, followed by Co-Op and Harrods.
According to the NCA, two males aged 19, another aged 17, and a 20-year-old female were arrested in London and the West Midlands yesterday morning (10 July) on suspicion of “Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organised crime group”. Three of the alleged culprits are believed to be UK citizens, with one a Latvian national.
Dragon Force, Scattered Spider – or both?
On 8 July, M&S told the UK parliament’s business and trade sub-committee on economic security, arms and export controls that ‘Dragon Force’ – a mostly Russian-speaking group – is believed to be behind the cyberattack that forced the retailer to suspend online shopping for nearly seven weeks. The attack on M&S is expected to cost the company £300m in profits this year.
However, many experts in the cybersecurity field had speculated that this was likely a Scattered Spider attack, as the tactics looked so similar. Given the findings of SentinelOne and Google Threat Intelligence Group (GTIG), Infosecurity magazine had speculated that “one or several members of the Scattered Spider group worked as DragonForce affiliates in the UK retail hack wave”.
The latest arrests certainly add credence to this theory. Also known as UNC3944, Scattered Spider refers as much to tradecraft or tactics as to a formal group of hackers, according to the experts, but it is widely believed to be deployed by a group of a loosely connected young English-speaking adults and teenagers, mainly based in the US and UK. Now the cybersecurity community will be watching developments with interest.
“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” said deputy director Paul Foster, head of the NCA’s National Cyber Crime Unit.
“Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.
“Cyberattacks can be hugely disruptive for businesses and I’d like to thank M&S, Co-op and Harrods for their support to our investigations. Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help.”
Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.