TZUTC: -0500   
   MSGID: 1126.consprcy@1:2320/105 2c8c8058   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Scattered Spider moves beyond the UK, places crosshairs on US companies   
      
   Date:   
   Thu, 15 May 2025 14:31:00 +0000   
      
   Description:   
   Google is warning that the UK is no longer the only target as multiple   
   retailers report suffering an attack.   
      
   FULL STORY   
      
   Scattered Spider, a known ransomware collective, is widening its target    
   scope, no longer focusing exclusively on UK firms. This is according to   
   Googles Threat Intelligence Group (TIG), who told BleepingComputer that US   
   retailers should take note.    
      
   "The US retail sector is currently being targeted in ransomware and extortion   
   operations that we suspect are linked to UNC3944, also known as Scattered   
   Spider," John Hultquist, Chief Analyst at Google Threat Intelligence Group,   
   told the publication. Hultquist added that Scattered Spider has returned    
   after a long hiatus to target multiple firms.    
      
   The group is not as tightly-knit as organizations such as LockBit or Cl0p. It   
   is relatively loose, and operates within a larger hacking community known as   
   the Com. Its members engage in all kinds of attacks, from social engineering   
   and SIM swapping, to ransomware. Scattered Spiders usual targets are    
   financial institutions, technology firms, and entertainment/gambling   
   organizations.    
      
   Names and addresses   
      
   Google is warning retailers to take note, however, Silent Push reported that   
   in 2025 some of Scattered Spiders victims included Chick-fil-A, Forbes,   
   Instacart, New York Digital Investment Group, News Corporation, Nike,   
   Twitter/X, Tinder, T-Mobile, and Vodafone.    
      
   Among the retailers targeted this year, BleepingComputer singled out Marks &   
   Spencer, Co-op, and Harrods. In all of these attacks, the threat actors used   
   DragonForce - a ransomware operation that emerged in December 2023 and gained   
   some notoriety since then.    
      
   In April 2025, the UK National Cyber Security Centre (NCSC) published new   
   guidance, helping UK firms defend against Scattered Spider better. The   
   organizations urged the retail sector to wake up and tighten up on security.    
      
   "Whilst we have insights, we are not yet in a position to say if these    
   attacks are linked, if this is a concerted campaign by a single actor, or   
   whether there is no link between them at all," the NCSC said. "We are working   
   with the victims and law enforcement colleagues to ascertain that."    
      
    Via BleepingComputer   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/scattered-spider-moves-beyond-the-uk-pl   
   aces-crosshairs-on-us-companies   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 114 206 300 307 317 400 426 428   
   SEEN-BY: 229/470 664 700 705 266/512 291/111 320/219 322/757 342/200   
   SEEN-BY: 396/45 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426