British authorities have slapped the cuffs on four suspects linked to the Marks & Spencer cyber attack that disrupted its Click and Collect services, costing the company over $300 million.
The detained suspects included a 20-year-old woman, who was arrested in Staffordshire, and three males aged between 17 and 19 years, arrested in the West Midlands and London, including a 19-year-old Latvian national.
Police arrest group behind M&S cyber attack
The loosely affiliated suspected cybercrime group allegedly worked under the DragonForce operation, which operates ransomware-as-a-service (RaaS) infrastructure.
During the operation, police seized numerous electronic devices, which were taken for digital forensic analysis to be later submitted as evidence.
The National Crime Agency (NCA) officers, some masked, descended upon the suspects in their family homes in the early morning hours of Thursday, July 10, detained them, and recovered many electronic devices.
The raids resulted from weeks of investigation into the M&S cyber attack by domestic and international intelligence and law enforcement agencies, including the U.S. Federal Bureau of Investigation (FBI), the West Midlands Regional Organised Crime Unit, and the East Midlands Special Operations Unit. The impacted retailers, M&S, Co-op, and Harrods, also assisted in the investigations.
“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the agency’s highest priorities,” said the NCA’s national cybercrime unit chief, Paul Foster. “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”
Foster added that cyber attacks could be extremely disruptive to businesses, emphasizing the importance of tackling illegal online activity and reporting cyber incidents.
“Hopefully this signals to future victims the importance of seeking support and engaging with law enforcement as part of the reporting process. The NCA and policing are here to help.”
Noting that “hacking is not a victimless crime,” a Co-op spokesperson thanked the NCA and other law enforcement authorities for tracking and arresting the hacking suspects. Similarly, a Marks & Spencer spokesperson thanked the authorities for their strong response.
“We welcome this development and thank the NCA for its diligent work on this incident,” the M&S spokesperson stated.
Cyber attacks on UK retailers
The suspects were also accused of involvement in the cyber attack on the United Kingdom’s retailer, the Co-op, which disrupted operations and potentially leaked customer data.
That cyber attack was loosely attributed to the English-speaking cybercrime gang Scattered Spider, to which the suspects likely belong.
Meanwhile, the suspects face various charges under the Computer Misuse Act, including blackmail and money laundering, and participation in organized crime, which could result in lengthy prison sentences if convicted.
Google Threat Intelligence Group (GTIG) chief analyst John Hultquist had warned American businesses that the cybercrime group behind the Marks & Spencer cyber attack and others was coming for them.
“Shields up US retailers. They’re here,” Hultquist posted on X.
German sports apparel giant Adidas also suffered a cyber attack, which was also likely linked to the Scattered Spider cybercrime group.
