M&S cyber attack tied to teenage cyber criminal gang
Investigators suspect the breach was carried out using a hacking tool from DragonForce, a group that describes itself as a “ransomware cartel”
Marks and Spencer’s major cyber attack has been linked to Scattered Spider, a gang of British and American teenage cyber criminals, according to the Telegraph.
The incident, which caused a widespread outage of M&S’s contactless payments and click-and-collect services over the Bank Holiday weekend, forced customers to ditch their full weekly shops at the checkout and left shelves empty at some of its stores.
The cyber attack also wiped out hundreds of millions of pounds from M&S’s market value. Shares were 2.2% lower at 377.3p as of Monday (28 April) morning, which has since recovered to 387p at the time of writing.
Investigators suspect the breach was carried out using a hacking tool from DragonForce, a group that describes itself as a “ransomware cartel”.
DragonForce typically sells its technology to other hacking groups as “ransomware as a service,” allowing multiple gangs to use it and complicating efforts to attribute blame.
It is understood that a ransomware attack disabled many of the company’s systems. In such cases cyber criminals can encrypt data and demand payment, while also threatening to leak stolen information.
The attack is a major setback for M&S, which has recently seen a surge in food hall shoppers and topped all supermarkets in food sales in the four weeks to 20 April, according to unpublished Kantar data seen by the Telegraph.
M&S is working with cybersecurity experts from CrowdStrike and Microsoft, and has also sought assistance from GCHQ’s National Cyber Security Centre and the National Crime Agency.
M&S has been contacted for comment.
