The ongoing outage at the British Retail Giant Marx and Spencer is believed to be due to a ransomware attack, which is believed to have been operated by a hacking collective known as “scattered spider”, Blapping Computer has learned from several sources.
Marx and Spencer (M&S) is a British multinational retailer who appoints 64,000 employees and sells various products including clothes, food and household items in over 1,400 shops worldwide.
Last Tuesday, M&S confirmed that it faced a cyber attack, causing widespread disruption, including its contactless payment system and online order. Today, Sky News reported This disintegration continues, about 200 warehouses asked to stay at home as the company responds to the attack.
Bleepingcomputer has now known that the ongoing outage is due to a ransomware attack that has encrypted the company’s server.
The danger actors are believed to have instigated the M&S in early February, when they allegedly stole the Ntds.Dit file of the Windows Domain.
An Ntds.dit file is the main database for the active directory services running on a Windows Domain Controller. This file contains a password ish for Windows accounts, which can be extracted by the danger actors and is cracked offline to get access to the respective plain password.
Using these credentials, a threat can spread to the Windows domain later, stealing data from the actor network device and server.
Sources told Bleepingcomputer that the danger actors eventually deployed VMWARE ESXI hosts on 24 April to encrypse virtual machines to the dragonforce entry.
Bleepingcomputer has learned that Marx and Spencer sought help to investigate and respond to the attack to help Crowdastric, Microsoft and Fenix24.
The investigation so far indicated that hacking collector is known as scattered spider, or as Microsoft calls them, the Octo Tempast, behind the attack.
On contact with this information, M&S said that they cannot go into the details about the cyber phenomenon.
Do you know about this or any other cyber attack? If you want to share the information, you can safely and confidentially contact the signal on lawrensa.11, lawrence.abrams@bleepingcomputer.com via email, or using our tips form.
Who is a scattered spider?
Scattered spider, also known as 0ktapus, Starfraud, UnC3944Scatter swine, octo temperature, and Masculine,
The group consists of young English speaking members (as the age of 16) with diverse skill sets, which continuously perform the same hacker forums, telegram channels and discord servers. These mediums are used to plan and operate in real time attacks.
Some members are believed to have been considered part of “com” – a loose -blessing community that is involved in violent acts and cyber events. Comprehensive media attention,
While media and researchers usually refer to the scattered spider as a harmonious gang, they are actually a network of individuals, with various danger actors participating in each attack. It is a fluid structure that makes them difficult to track.
The group initially began in financial fraud and social media hacks, but later upgraded for extremely sophisticated social engineering attacks to steal breech corporations in cryptocurrency or forced recovery attacks from individuals.
The group extended its attacks in September 2023 when they applied an employee to an employee while calling MGM Resorts on the company’s IT Help Desk using a social engineering attack. In this attack, the danger actors deployed Blackcat ransomware to encrypse over 100 VMWARE ESXI Hyperviser.
This was an important moment in the ransomware scenario as this was the first known sign that English -speaking actor Russian speaking Russian -speaking Rainmware was working with the gang.
Since then, scattered spider is known to act as associated RansomahbKyulin, and now dragonforce.
Dragonforce is a ransomware operation launched in December 2023, and recently began to promote a new service where they allow cybercrime teams to white.
Researchers usually combine attacks with scattered Spider Group based on specific indicators of the agreement, which targets credit-fashioned fishing attacks that target SSO platforms, social engineering attacks have helped it desktops, and other strategy.
Cyber security firm silent push A report released The most recent fishing attacks of the spider scattered earlier this month were outlined.
In the last two years, law enforcement is targeting the group, arresting several alleged members in the US, United Kingdom and Spain.
