Google Says Hackers Behind UK Retail Disruptions Are Now Targeting U.S. Businesses

Photo by Arian Darvishi on Unsplash

Google Says Hackers Behind UK Retail Disruptions Are Now Targeting U.S. Businesses

Reading time: 3 min

Last Updated: May 15, 2025

Google warned on Wednesday that the hacking group Scattered Spider, the same hacking group responsible for multiple cyberattacks on retailers in the United Kingdom, is now targeting retailers in the United States.

In a rush? Here are the quick facts:

  • Google warned that the hacking group Scattered Spider is targeting retail businesses in the U.S.
  • The malicious actor, identified as UNC3944, attacked multiple retailers, including Co-op, Harrods, and Marks & Spencer, stealing data from millions of people.
  • Scattered Spider has been developing sophisticated malicious technologies in 2025.

According to The Record, the information was disclosed by John Hultquist, Chief Analyst at Google’s cybersecurity division.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” said Hultquist.

In a recent post about the threat, the analyst shared on the social media platform X, the expert wrote: “Shields up, US retailers. They’re here.”

Scattered Spider, described by Google in a recent report as “a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims,” has been developing sophisticated technologies in 2025 to create new powerful malware and phishing kits.

A few days ago, it was revealed that the hacking group UNC3944 was linked to the data breach targeting Co-op, one of the UK’s largest consumer cooperatives,  in which data from 20 million members was stolen. Other businesses, such as Marks & Spencer and luxury retailer Harrods, were also targeted by Scattered Spider.

“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note,” said Hultquist.

The expert shared a warning with the community potentially affected, but Google hasn’t shared any formal attribution yet.

“These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” explained Hultquist. “They have had a lot of success with social engineering and leveraging third parties to gain entry to their targets.”

Despite recent arrests, Scattered Spider continues to evolve and target multiple industries across the globe. A few weeks ago, the FBI announced that it had identified several members of the hacking group through operations to arrest the web launderer known as ElonmuskWHM.

Did you like this article? Rate it!
I hated it I don't really like it It was ok Pretty good! Loved it!

We're thrilled you enjoyed our work!

As a valued reader, would you mind giving us a shoutout on Trustpilot? It's quick and means the world to us. Thank you for being amazing!

Rate us on Trustpilot
0 Voted by 0 users
Title
Comment
Thanks for your feedback
Loader
Please wait 5 minutes before posting another comment.
Comment sent for approval.

Leave a Comment

Loader
Loader Show more...