- American retailers must “take note”, Google warns
- A scattered spider was seen aimed at multiple American retailers this year
- The group has been in a “long park”
The scattered spider, a well -known Ransomware collective, is expanding its objective scope, which no longer focuses exclusively on the United Kingdom companies. This is according to the GOOGLE threat intelligence group (TIG), who told him Bleepingcomputer That American retailers “should take note.”
“The US retail sector is currently aiming at ransomware and extortion operations that we suspect that they are linked to UNC3944, also known as Spider scattered,” said John Hultquist, Google Chief Threat Intelligence Group analyst at the publication. Hultquist added that the scattered spider has returned after a “long park” to attack several companies.
The group is not as united as organizations such as Lockbit or CL0P. It is relatively lazy and operates within a largest piracy community known as “The Com”. Its members are dedicated to all kinds of attacks, from Social Engineering and SIM exchange to Ransomware. The usual dispersed objectives are financial institutions, technology companies and entertainment/game organizations.
Names and addresses
Google warns retailers to take note, however, Silent thrust He informed that in 2025 some of Spider’s victims dispersed included Chick-Fil-A, Forbes, Instant, New York Digital Investment Group, News Corporation, Nike, Twitter/X, Tinder, T-Mobile and Vodafone.
Among the retailed retailers this year, Bleepingcomputer He selected Marks & Spencer, Cooper and Harrods. In all these attacks, the threat actors used Dragonforce, a ransomware operation that emerged in December 2023 and won some notoriety since then.
In April 2025, the National Cyber Safety Center of the United Kingdom (NCSC) published a new orientation, which helped the United Kingdom companies defend themselves from the dispersed spider. The organizations urged the retail sector to “wake up” and tighten in security.
“While we have ideas, we are not in a position to say if these attacks are linked, if this is a concerted campaign of a single actor, or if there is no link between them,” said the NCSC. “We are working with the victims and the law colleagues to determine that.”
Through Bleepingcomputerd
