The ransomware collective Scattered Spider, known for its sophisticated tactics, recently targeted Marks & Spencer (M&S) in the UK. The attackers used compromised credentials from Tata Consultancy Services (TCS), a major IT outsourcing firm, to infiltrate M&S's systems. The hackers sent an abusive email to M&S's CEO, demanding a ransom payment. This attack highlights Scattered Spider's strategic focus on targeting IT providers and third-party contractors to amplify its reach.
Source: https://www.infosecurity-magazine.com/news/scattered-spider-tech-vendor/
TPRM report: https://scoringcyber.rankiteo.com/company/marks-and-spencer
{
  "id": "mar600060925",
  "linkid": "marks-and-spencer",
  "type": "Ransomware",
  "date": "6/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'industry': 'Retail',
                        'location': 'UK',
                        'name': 'Marks & Spencer',
                        'type': 'Retailer'},
                       {'industry': 'Retail',
                        'location': 'UK',
                        'name': 'Harrods',
                        'type': 'Retailer'},
                       {'industry': 'Retail',
                        'location': 'UK',
                        'name': 'The Co-op',
                        'type': 'Retailer'}],
 'attack_vector': ['Phishing', 'Credential Harvesting', 'Social Engineering'],
 'date_publicly_disclosed': '2025-06-05',
 'description': 'Scattered Spider, the ransomware collective, has evolved its '
                'arsenal to incorporate more sophisticated tactics, targeting '
                'UK retailers including Marks & Spencer (M&S) and Harrods. The '
                'group uses advanced social engineering skills and relentless '
                'ambition to compromise IT providers and third-party '
                'contractors.',
 'initial_access_broker': {'entry_point': 'Compromised Credentials',
                           'high_value_targets': ['System Administrators',
                                                  'CFOs',
                                                  'COOs',
                                                  'CISOs']},
 'motivation': 'Financial Gain',
 'references': [{'date_accessed': '2025-06-05', 'source': 'ReliaQuest Report'},
                {'source': 'BBC News'}],
 'threat_actor': 'Scattered Spider (UNC3944, Octo Tempest)',
 'title': 'Scattered Spider Ransomware Attacks on UK Retailers',
 'type': 'Ransomware',
 'vulnerability_exploited': 'Compromised Credentials'}