Wednesday, May 14, 2025

Scattered Spider Targets UK Retail Sector in Sophisticated Supply Chain Attacks

by Charline

The hacker group Scattered Spider has expanded its focus to UK retail organizations, using advanced supply chain attacks to breach high-value targets.

Active since May 2022, the financially motivated group has shifted from targeting telecom and outsourcing sectors to industries like critical infrastructure and retail. These attacks often coincide with peak retail seasons to increase financial pressure on victims.

From Phishing to Cloud Exploitation

Scattered Spider, also known as Roasting Oktapus and Scatter Swine, is known for its social engineering expertise. Its methods include SMS phishing, SIM swapping, and MFA fatigue attacks. The group collects employee phone numbers from public data sources and sends phishing messages posing as IT staff to steal credentials.

Partnership with Ransomware Operators

In 2023, researchers observed Scattered Spider working with the BlackCat (ALPHV) ransomware group. Since then, they have deployed ransomware on Windows and Linux systems, especially VMware ESXi servers. Experts believe the group now collaborates with Russian-speaking ransomware networks but avoids targeting CIS countries.

Multi-Stage Attack Pattern

Their attacks follow a clear pattern:

  • Phishing for initial access.
  • Using remote management tools for persistence.
  • Data theft and ransomware deployment.

Recent intrusions in the UK retail sector match Scattered Spider’s known tactics, though the group has not officially claimed responsibility. Analysts believe they now act as access brokers within affiliate models, making their involvement likely.

Advanced Security Evasion Tools

Scattered Spider uses tools such as POORTRY, a malicious driver that disables endpoint detection and response (EDR) software. This driver exploits CVE-2015-2291, an old Intel vulnerability, and is signed with legitimate Microsoft certificates to avoid detection.

Supporting this is STONESTOP, a utility that installs and controls POORTRY, helping attackers maintain access while staying hidden.

Conclusion

Scattered Spider’s shift to UK retail targets highlights a dangerous evolution in supply chain attacks. Their advanced evasion techniques and ransomware partnerships pose serious risks to critical industries.
