Three teenagers and a 20-year-old woman were arrested Thursday by the U.K.’s National Crime Agency for their alleged role in cyberattacks on major retailers Marks & Spencer (M&S), Co-op, and Harrods.
The arrests, comprising British and Latvian nationals, followed sustained investigations into attacks that crippled the retailers’ operations. The NCA’s National Cyber Crime Unit detained all four at their homes and seized their electronic devices.
“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a statement. “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice.”
The particular incidents that led to these arrests occurred in April, with attackers crippling the online services of Marks & Spencer, a popular retailer in the U.K. The company’s online sales channels were halted, contactless payments and click-and-collect options were disrupted, and in-store product availability suffered. The attack also resulted in the theft of customer information, including names, email addresses, and postal data. Recovery efforts began in June, with the retailer eventually restoring sections of its online business across the U.K.
Industry experts and law enforcement agencies in several countries have attributed the attacks to a cybercriminal group known as Scattered Spider. The loose-knit collective has infiltrated more than 100 businesses since 2022, hitting organizations in hospitality and gaming, manufacturing, technology and cloud services, telecommunications, retail, manufacturing, food production, insurance and financial services, media, apparel, business process outsourcing, health care, transportation and aviation, according to researchers.
The group is allegedly also behind cyberattacks on several U.S.-based insurance companies, United Natural Foods, and aviation companies WestJet and Hawaiian Airlines.
The group is an offshoot of The Com, a much larger grassroots network of more than 1,000 people responsible for a vast catalog of crimes, including social engineering, crypto theft, phishing, SIM swapping, extortion, sextortion, swatting, kidnapping and murder.
All four arrested are being held on suspicion of violating the U.K.’s Computer Misuse Act, blackmail, money laundering and participating in the activities of an organized crime group.
The post UK arrests four for cyberattacks on major British retailers appeared first on CyberScoop.