heise PlusAbo
Anzeige

Cybercrime gang "Scattered Spider": four arrests in the UK

Three male teenagers and a young woman were arrested, mainly for attacks on British retailers Marks & Spencer, Co-Op and Harrods.

listen Print view
Cubes with letters spell out "CYBERCRIME"; a Finge is turning some letters around to make it "CYBERSECURITY".

(Image: Dmitry Demidovich/Shutterstock.com)

3 min. read
Security
By

Law enforcement officers have arrested four suspected members of the “Scattered Spider” gang in connection with attacks on British companies. Investigators have charged a 20-year-old woman, two 19-year-old men, and a seventeen-year-old with computer misuse, extortion, money laundering, and membership in a criminal organization.

Videos by heise

The four suspects are said to be members of a group called “Scattered Spider,” which has paralyzed several retail businesses lately. The department store chain “Marks & Spencer,” which operates hundreds of stores in the UK, in particular, suffered from the attacks and even temporarily shut down its online business at the end of April. The attack reportedly cost the company up to 300 million pounds. The traditional brand Harrods and the supermarket chain Co-Op Group also complained of attacks by suspected Scattered Spider members.

The group is linked to Lapsus$, a criminal cyber gang that is also active in the UK and uses similar methods. In the case of the attack on Marks & Spencer, SIM swapping to a service provider was also used, i.e., the illegal duplication of mobile phone cards. This is usually preceded by a fraudulent call to the respective mobile phone provider, in which the theft or loss of the original SIM is claimed and the responsible customer service employee is duped. SIM swapping is widespread in the USA and the UK but is not a major threat in Germany, as confirmed to us by mobile network operators.

Blackmail and data theft

The gang mainly uses methods from the social engineering toolbox to infiltrate company networks. The criminals then exfiltrate data and blackmail their victims – a business model that ransomware gangs have recently begun to specialize in. Encrypting data, as classic ransomware does, does not appear to be part of the scattered spider toolkit.

Journalist Brian Krebs has been keeping an eye on the Lapsus$ gang and its allies for years. He states that one of those now arrested was already mentioned by name in an internal chat of the group in April 2022 and was allegedly caught SIM-swapping back then. As Krebs writes, the young criminal had asked his accomplices to exercise caution so as not to arouse any new suspicions among his parents. Apparently, the now-19-year-old was only sixteen years old at the time. Seven members of Lapsus$ in the UK were arrested in 2022, and prosecutors brought charges against five US suspects in 2024.

Those recently arrested in the UK remain in custody for now, the National Crime Agency (NCA) announced. Their electronic devices have been confiscated and are currently being analyzed. The NCA thanked the companies concerned for their support in the investigation.

(cku)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten