U.S. retailers are now in the crosshairs of a notorious hacking group known as Scattered Spider, following a wave of cyberattacks on major U.K. retail businesses, according to a warning issued by Google’s cybersecurity division on Wednesday.
Scattered Spider Shifts Focus from U.K. to U.S. Retail Sector
The hacker group, widely believed to be behind the crippling cyberattack on Marks & Spencer (M&S), a leading British retailer, has now shifted its attention to U.S.-based companies, cybersecurity analysts said.
“U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” said John Hultquist, a top analyst at Google’s Mandiant.
Key Incident:
- M&S Cyberattack (April 25, 2025): Online operations remain frozen due to the breach.
- Attack attributed to Scattered Spider or affiliates within its cyber ecosystem.
What to know about Scattered Spider
Scattered Spider is a cybercriminal collective notorious for targeting specific industries with highly disruptive ransomware and intrusion tactics. They gained infamy for:
- Hacking MGM Resorts International and Caesars Entertainment in 2023.
- Demonstrating advanced social engineering and phishing tactics.
- Operating as loosely connected, youth-led cyber cells, making law enforcement efforts challenging.
Google and U.S. Retail Experts Raise Red Flags
According to Google, Scattered Spider has a pattern of attacking one industry at a time, with a current focus on the retail and e-commerce sectors.
“They’re likely to target retail for a while longer,” Hultquist warned.
Cybersecurity officials emphasise the lack of geographic limitations in these threats.
“There aren’t geographic boundaries on these threats,” said Christian Beckner, VP at the National Retail Federation (NRF).
Top U.S. Retailers on High Alert
Organisations such as the Retail & Hospitality ISAC (Information Sharing and Analysis Centre), whose members include Costco, McDonald’s, Lowe’s, and Albertsons, are now coordinating closely with Google to develop cyber threat briefings for their stakeholders.
Despite these efforts, U.S. federal agencies like the FBI and CISA have yet to comment on the unfolding situation.
Why This Matters to U.S. Businesses
- The attacks are part of a larger wave of organised cybercrime.
- Retailers with large digital footprints are especially vulnerable to operational disruption and data loss.
- Young, anonymous hackers and limited victim disclosure have made enforcement and prevention directives
As cyber threats evolve, the retail sector, especially in the U.S., must stay vigilant. With groups like Scattered Spider expanding their reach, companies are urged to strengthen their cybersecurity posture, implement zero-trust policies, and actively engage in industry threat-sharing initiatives.