Marks & Spencer has lastly reopened its on-line orders, months after a cyber assault which is ready to value the British excessive avenue retailer £300 million in earnings this 12 months.
This comes as a brand new hacking group has been related with the incident, after it was revealed the DragonForce group despatched M&S CEO Stuart Machin an electronic mail days after it confronted a serious cyberattack gloating concerning the hack and demanding ransom fee.
The electronic mail, seen and reported by the BBCstated: “We have marched the ways from China all the way to the UK and have mercilessly raped your company and encrypted all the servers.”
DragonForce aren’t the one group which were related with the assault on the retailer, because the Scattered Spider community had beforehand been named because the enactors of cyber assault.
According to Sergey Shyekevich, a researcher from cybersecurity firm Checkpoint, extra hacker teams are forming alliances on the darkish internet.
“Co-operation between two powerful groups is very interesting,” he says. “It’s one outcome we see on the dark web more and more, alliances between big groups.”
Here’s all we all know concerning the two hacker teams

What is DragonForce?
DragonForce is a hacker organisation that provides Ransomware to cyber-criminal associates for a 20 per cent reduce of any ransoms collected. This implies that for a charge, they lease out their malware via darkish internet marketplaces to cyber-criminals.
While the organisation initially began working in 2023, they’ve had an enormous re-marketing of their enterprise mannequin prior to now couple of months.
“In the last two months, they started to become very active in one of the biggest dark web forums,” says Sergey, who says they’ve marketed themselves as a ‘Ransomware Cartel’, cornering that market on the darkish internet prior to now month.
“They started being more aggressive I think a few weeks before all the attacks in the UK,” he provides.
Researchers have claimed they function out of Malaysia, with some disputing this and saying they’re situated in Russia. As nicely because the M&S hack, DragonForce has been linked to the Co-op cyberattack.
What is Scattered Spider?
Scattered Spider is a neighborhood of hackers that targets large organisations throughout totally different sectors utilizing social engineering ways.
“They’re very good at social engineering of different types,” Sergey says, including that previously they’ve used SIM swapping and impersonated IT employees to trick folks into letting them use their methods.
Believed to be a neighborhood of younger adults throughout the US and UK, the group gained notoriety for his or her involvement in hacking and extorting two of the biggest on line casino and playing firms within the United States.
“They understand human nature and how big corporations work,” says Sergey. “They’re very successful.”
In 2023 they had been linked to the hacking and extortion of Caesars Entertainment and MGM Resorts International, which led the previous to pay a ransom of roughly £11 million ($15 million). They had been in a position to entry a big variety of driver’s licence numbers and presumably even Social Security numbers of the on line casino prospects via the ransomware demand.
A 17-year-old hacker from the United Kingdom was arrested in reference to the hack and tried ransom in July 2024.
How did the cyberattack occur?
M&S first disclosed they’d skilled a cyberattack on 22 April, which had disrupted their on-line operations and even halted contactless funds. Hundreds of company staff on the firm had been advised to not come into work because the retailer handled the fallout of the cyberattack.
Customer private knowledge – which may have included names, electronic mail addresses, postal addresses and dates of delivery – was additionally taken by hackers within the assault.
M&S revealed final month that the assault was attributable to “human error”, as Mr Machin stated in an annual figures report in May that the hackers gained entry to the corporate’s IT methods via a 3rd social gathering.
He stated on the time: “We didn’t leave the door open, this wasn’t anything to do with under-investment. Everyone is vulnerable. For us, we were unlucky on this particular day through some human error.”
Responding to assaults on the retail sector, the NCSC put out recommendation to the trade and responded to hypothesis that the Scattered Spider group had used social engineering to focus on IT assist desks and carry out password and MFA (multi-factor authentication) resets.
“Criminal activity online – including, but not limited to, ransomware and data extortion – is rampant,” their weblog put up wrote. “Attacks like this are becoming more and more common. And all organisations, of all sizes, need to be prepared.”
Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, stated: “Specialist NCA cybercrime officers are working closely with law enforcement partners to investigate the recent cyber incidents affecting the retail sector. Identifying the criminals responsible and bringing them to justice is a top priority.
“We are considering the incidents individually, but have a range of hypotheses and are mindful they may be linked.
“The impact of these incidents has been significant and businesses will understandably be concerned. I’d encourage all organisations to follow advice on the NCSC’s website to ensure they have effective cyber security measures in place to help prevent attacks.
“I’d also urge those that do unfortunately fall victim to an attack to engage with law enforcement as part of the reporting process. The NCA and policing will investigate covertly and discreetly, as well as support the recovery of systems and data.”
How a lot cash has M&S misplaced?
The fallout from the cyberattack noticed the corporate lose £650 million of worth in a matter of days. M&S stated it anticipated to take an estimated £300 million hit to earnings this 12 months, as they predicted disruption to its on-line enterprise to final into July.
What has M&S stated in response?
As M&S reopened its on-line operations, they put out a press release which stated: “You can now place online orders with standard delivery to England, Scotland and Wales. Delivery to Northern Ireland will resume in the coming weeks.
“We will resume click and collect, next-day delivery, nominated-day delivery and international ordering in the coming weeks.”
The Independent has reached out to the retailer for extra remark.
https://www.independent.co.uk/news/uk/home-news/m-s-cyberattack-dragonforce-scattered-spider-hackers-b2765010.html