A recent wave of intrusions shows that the threat actor group known as Scattered Spider is now actively targeting retail organizations across the United States. The group previously concentrated on sectors such as hospitality and, most recently, on U.K. retailers; its shift to U.S. targets marks a concerning development in the ransomware threat landscape for American businesses.
Who Is Scattered Spider?
Scattered Spider, also tracked by Google's Mandiant as UNC3944, is a highly capable, financially motivated group. It combines social engineering (phishing and impersonating employees to IT help desks) with hands-on-keyboard intrusion, and gained notoriety for its role in the 2023 ransomware attacks on MGM Resorts and Caesars Entertainment.
These attackers are particularly skilled in:
Phishing and credential harvesting
Multi-factor authentication (MFA) fatigue abuse
SIM swapping to intercept SMS-based codes
Deploying vulnerable drivers to disable endpoint defenses (a technique known as Bring Your Own Vulnerable Driver, or BYOVD)
Scattered Spider has operated as an affiliate of ransomware programs including BlackCat (ALPHV), Qilin, RansomHub, and DragonForce: once it has access, it deploys those groups' encryptors and leak-site infrastructure to extort the victim through data encryption and data theft.
Retailers Now in the Crosshairs
According to Google's Threat Intelligence team, Scattered Spider has begun focusing efforts on U.S. retail chains. This follows the ransomware attack attributed to the group on U.K. retail giant Marks & Spencer, in which VMware ESXi hosts were encrypted, causing widespread outages of online ordering and store systems.
Shortly after that breach, other prominent U.K. retailers, including Harrods and Co-op, reported similar disruptions. Intelligence analysts now warn that the same playbook is being used against retailers in the United States.
John Hultquist, Chief Analyst at Google Threat Intelligence Group, said:
“The U.S. retail sector is being actively targeted by threat actors believed to be affiliated with Scattered Spider in ongoing ransomware and extortion campaigns.”
Tactics in Use
Scattered Spider is known to chain a broad set of techniques over the course of an intrusion, including:
Spear phishing and help-desk impersonation to obtain initial credentials and password or MFA resets
MFA fatigue attacks (push bombing): flooding a user with push-notification prompts until the user approves one out of annoyance or confusion
SIM swapping to take over the victim's phone number and intercept SMS-based one-time codes
Bring Your Own Vulnerable Driver (BYOVD): loading a signed but vulnerable driver and abusing it from kernel context to disable antivirus and EDR sensors
Once inside, the group relies on legitimate remote-access and administration tooling rather than custom malware, which makes its activity harder to distinguish from normal IT operations. Because both MFA fatigue and SIM swapping defeat push- and SMS-based second factors, the practical defenses are number matching on push prompts, rate limiting of MFA challenges, and a move to phishing-resistant MFA such as FIDO2 security keys or passkeys.
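The MFA fatigue technique listed above (and in the skills list earlier on the page) is one of the few Scattered Spider tactics that leaves a clean signal in identity-provider logs: a burst of denied or unanswered push prompts for one account, often ending in an approval. The following detector is an added example written for this article, not code from Google, Mandiant, or any IdP vendor. It assumes event records with the constructed fields `ts`, `user` and `result` (`denied`, `timeout`, or `approved`); real IdP exports use different field names and would need a small mapping step.

```python
"""Sliding-window detector for MFA push fatigue ("push bombing").

Added example for this article; not vendor or project code. The event
shape (ts / user / result) is an assumption. It raises two kinds of alert:
  * a burst of `threshold` rejected or unanswered prompts inside `window`
  * an approval that lands after such a burst (the attacker likely got in)
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs). alice and dave are push-bombed;
# alice eventually approves. bob and carol show normal behaviour.
SAMPLE_EVENTS = [
    {"ts": "2025-05-20T08:00:00Z", "user": "alice", "result": "denied"},
    {"ts": "2025-05-20T08:00:30Z", "user": "alice", "result": "timeout"},
    {"ts": "2025-05-20T08:01:00Z", "user": "alice", "result": "denied"},
    {"ts": "2025-05-20T08:01:30Z", "user": "alice", "result": "denied"},
    {"ts": "2025-05-20T08:02:10Z", "user": "alice", "result": "approved"},
    {"ts": "2025-05-20T09:00:00Z", "user": "bob",   "result": "approved"},
    {"ts": "2025-05-20T10:00:00Z", "user": "carol", "result": "denied"},
    {"ts": "2025-05-20T10:30:00Z", "user": "carol", "result": "denied"},
    {"ts": "2025-05-20T10:31:00Z", "user": "carol", "result": "approved"},
    {"ts": "2025-05-20T11:00:00Z", "user": "dave",  "result": "denied"},
    {"ts": "2025-05-20T11:00:20Z", "user": "dave",  "result": "timeout"},
    {"ts": "2025-05-20T11:00:40Z", "user": "dave",  "result": "denied"},
    {"ts": "2025-05-20T11:01:00Z", "user": "dave",  "result": "denied"},
]


def parse_ts(value):
    """Parse an ISO-8601 timestamp; the 'Z' suffix is normalised for older Pythons."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect_push_fatigue(events, window=timedelta(minutes=10), threshold=3):
    """Return alerts for accounts receiving bursts of rejected MFA prompts.

    Events are processed in time order. For each user we keep the timestamps
    of prompts that were denied or timed out within the trailing `window`.
    Reaching `threshold` rejected prompts raises a burst alert once; an
    approval that arrives while the window still holds >= threshold rejected
    prompts raises a higher-severity 'approved after burst' alert.
    """
    recent = defaultdict(deque)  # user -> timestamps of rejected/unanswered prompts
    alerts = []
    for ev in sorted(events, key=lambda e: parse_ts(e["ts"])):
        user, ts, result = ev["user"], parse_ts(ev["ts"]), ev["result"]
        q = recent[user]
        # Drop prompts that have aged out of the sliding window.
        while q and ts - q[0] > window:
            q.popleft()
        if result == "approved":
            if len(q) >= threshold:
                alerts.append({"ts": ev["ts"], "user": user,
                               "rejected": len(q), "approved": True,
                               "severity": "high"})
            # An approval closes this sequence; later rejections start a new one.
            q.clear()
        else:  # "denied" or "timeout": the user did not accept the prompt
            q.append(ts)
            if len(q) == threshold:  # fire once when the burst threshold is hit
                alerts.append({"ts": ev["ts"], "user": user,
                               "rejected": len(q), "approved": False,
                               "severity": "medium"})
    return alerts


if __name__ == "__main__":
    for alert in detect_push_fatigue(SAMPLE_EVENTS):
        print(alert)
```

Tune `window` and `threshold` to the IdP's prompt cadence; three unanswered prompts in ten minutes is a conservative starting point that still catches the slow-drip variant where an attacker spaces prompts out to avoid per-minute rate limits. The 'approved after burst' alert is the one worth paging on, since it indicates the factor was likely defeated and the session should be revoked.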
Why Retailers Should Be Concerned
Retail organizations are increasingly digital and data-driven, making them attractive targets for financially motivated attackers. Customer data, payment systems, and third-party logistics integrations all offer valuable footholds for threat actors.
The nature of retail operations—fast-paced, distributed, and often reliant on legacy systems—creates opportunities for attackers to exploit:
Poorly secured employee accounts
Gaps in remote access protections
Unpatched systems and endpoints
Inadequate incident response capabilities
A successful attack could disrupt not only e-commerce platforms but also internal operations, supply chain coordination, and customer service functions.