Scatted Spider – The Teenage Hacking Collective that Breed Multiple Organizations in 2023 in a series of social engineering attacks – have been linked to the ongoing cyber incident Unfolding at Marks and Spencer (M&S) According to reports.
According to Bleeping ComputerWhich was the first to report the new development citing unnamed sources close to the investment, scattered spider is undersrstood to have breached the retailer back in februry 2025.
Supposedly, the scattered spider hackers were able to get their hands on an ntds.dit file – an active directory services database file containing passwords hats for m & s windows ass. The gang was then able these passwords and use them to infiltrate M & s' Windows domain.
The attackers then allegedly deployed a white-label ransomware called dragonforce on vmware esxi hosts belonging to m & s on chiursday 24 April, Three Days after M & S FIRSDADED
M & s has declined to comment on the accuracy of these reports, so their verse cannot be confirmed at this stage.
The incident first came to light after M & s experienced disrupt to its contactless payment payment and click-d-Collect Service. It was laater forced to suspend online shopping entrely and over a week later, its core e-commerce infrastructure remains offline, although its website is still accessible and accede Normal. Its bricks-sand-mortar stores are also open. It has also told agency warehouse staff to stay home Rather than Travel to its clothing and homeware depot.
M & s, which was founded in Leeds as a market stall 141 years ago By a Polish Immigrant, The Eponymous Michael Marks, Has Lost Hundreds of Millions of Pounds of Pounds of Value as a aSALTE OF With Lost Sales Mounting Up Accross the Country.
At the time of writing, M & s maintained that there was no need for its customers to take any action – for how much longer this will be the case to be seen.
Not your average gang
A stand-out Among Threat Actor, Scatted Spider is unusual in that Largely Comprises English-Speakers-ALTHOUGH it has worked with russian ransomware gangs before Network, Rather than an organized crew.
This means that despite some of its members being arrested and charged, including a british national named as tyler buchanan, Who was indicated by the US department of justice (Doj in November 2024, Scattered Spider has been able to keep operating.
Robert Mcardle, Director of Forward Threat Research at Trend Micro, said: “[They] Assemble togeether for Individual Attacks and Resmble the structure of Hacktivist Groups Like Past Activity of Anonymous. Scatted spider has routinely targeted retail provides… So targeting M & s would be 'on-brand'.
“Scattered spider has been active in Various Incarnations Since 2022 Until today but is very hard to categorise as their organization is so loose. Many attacks coming from English-speaking actors can be tied back to the wider communication of which scattered spider is just a small, Il-deefined subSet. “
A larger issue, said mcardle, is the growing threat Emanating from Anglophone Cyber Criminals Who, Although they Lack the BusinessLike Organized Crime Structures Favoured by Old School Russian Ransomware Gangs, they make up for in English and Brazenness.
In one attack DOCUMEND BY MICROSOFTA scattered spider hacker threatened one victim's family. “If we don't get your [redacted] Login in the next 20 minutes were [sic] Sending a shooter to your house, “they said. [sic] fold it [redacted],