Google Warns U.S. Retailers: Scattered Spider Hackers Shifting Focus from UK to U.S. Targets

/in /tarafından

Alphabet’s Google has issued a stark cybersecurity warning to U.S. retailers, revealing that hackers connected to the Scattered Spider group—linked to recent cyberattacks that paralyzed UK retail giants like M&Sare now actively targeting American retail operations.

These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said John Hultquist, chief analyst at Google’s cybersecurity unit.

🕸️ Who is Scattered Spider?

  • Scattered Spider is not a single entity but a loosely connected hacker collective, often made up of young and highly adaptive cybercriminals.

  • The group made headlines in 2023 for cyberattacks on:

    • MGM Resorts International

    • Caesars Entertainment

It now appears to be sector-focused, with retail as its current primary target.

💥 Recent Victims

  • Marks & Spencer (M&S), one of the UK’s most iconic retailers, has had its online operations frozen since April 25 due to a Scattered Spider-linked breach.

  • Google says U.S. retailers may soon face similar high-impact intrusions.

🔍 U.S. Retail Sector on High Alert

  • The National Retail Federation is closely monitoring developments.

    There aren’t geographic boundaries on these threats,” said Christian Beckner, an NRF vice president.

  • Retail & Hospitality ISAC, a major industry threat-sharing alliance whose members include Costco, McDonald’s, Albertsons, and Lowe’s, is working with Google to brief members on how to mitigate the threat.

🚨 Enforcement Challenges

  • Scattered Spiders decentralized structure, young members, and a lack of incident reporting by victims make it difficult for law enforcement to act.

  • FBI and CISA have not yet commented on Google’s latest warning.

🧭 Strategic Recommendations

Cyber experts are urging U.S. retailers to:

  • Reassess and reinforce multi-factor authentication (MFA) practices

  • Conduct penetration testing and vulnerability scanning

  • Increase internal monitoring of identity and access management systems

  • Join industry threat-sharing networks like ISAC to stay ahead of threat intelligence

With U.S. retail networks increasingly digitized, Google’s alert underscores the need for proactive defenses, especially as sophisticated, disruptive hacks now span continents and industries with ease.

Beğenebilecekleriniz:
US Warns Firms to Secure Microsoft Tools After Cyberattack
Qantas Suffers Major Cyber Hack Affecting 6 Million Customer Accounts
Hackers Target Multiple Companies’ Chrome Extensions in Widespread Campaign
Mass Federal Layoffs Could Undermine U.S. Cybersecurity, Warns Former NSA Official
Cyberattacks on M&S and Co-op Originated from Help Desk Deception, Says Report
U.S. Lawmakers Call for Scrutiny of Baicells, Chinese Telecom Firm
The US government advises Sisense customers to reset their credentials following a hack
US cybersecurity firm F5 breach linked to Chinese state-backed hackers, sources say