Recommended reading

Scattered Spider moves beyond the UK, places crosshairs on US companies

News
By published

Google is warning that the UK is no longer the only target

security
(Image credit: Shutterstock / binarydesign)
  • US retailers should "take note", Google is warning
  • Scattered Spider was seen targeting multiple US retailers this year
  • The group has been on a "long hiatus"

Scattered Spider, a known ransomware collective, is widening its target scope, no longer focusing exclusively on UK firms. This is according to Google’s Threat Intelligence Group (TIG), who told BleepingComputer that US retailers “should take note.”

"The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider," John Hultquist, Chief Analyst at Google Threat Intelligence Group, told the publication. Hultquist added that Scattered Spider has returned after a “long hiatus” to target multiple firms.

The group is not as tightly-knit as organizations such as LockBit or Cl0p. It is relatively loose, and operates within a larger hacking community known as “the Com”. Its members engage in all kinds of attacks, from social engineering and SIM swapping, to ransomware. Scattered Spider’s usual targets are financial institutions, technology firms, and entertainment/gambling organizations.

TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!

New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.

Preferred partner (What does this mean?)

View Deal

Names and addresses

Google is warning retailers to take note, however, Silent Push reported that in 2025 some of Scattered Spider’s victims included Chick-fil-A, Forbes, Instacart, New York Digital Investment Group, News Corporation, Nike, Twitter/X, Tinder, T-Mobile, and Vodafone.

Among the retailers targeted this year, BleepingComputer singled out Marks & Spencer, Co-op, and Harrods. In all of these attacks, the threat actors used DragonForce - a ransomware operation that emerged in December 2023 and gained some notoriety since then.

In April 2025, the UK National Cyber Security Centre (NCSC) published new guidance, helping UK firms defend against Scattered Spider better. The organizations urged the retail sector to “wake up” and tighten up on security.

"Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor, or whether there is no link between them at all," the NCSC said. "We are working with the victims and law enforcement colleagues to ascertain that."

Via BleepingComputerd

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.