The incident follows a spree of ransomware and extortion attacks targeting multiple U.S.- and U.K.-based retailers, including grocery stores. The logistics company said its operations are impacted.
Listen to this article
0:00
Learn more.
This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment.
Whole Foods Market’s primary food distributor United Natural Foods is experiencing operational disruptions in response to a cyberattack it detected last week, the company said in a regulatory filing released Monday.
The Rhode Island-based natural food distributor said it took some systems offline Thursday when it became aware of unauthorized activity on its IT systems. The attack and response has “temporarily impacted the company’s ability to fulfill and distribute customer orders,” United Natural Foods President and CFO Giorgio Matteo Tarditi said in the filing with the Securities and Exchange Commission.
“The incident has caused, and is expected to continue to cause, temporary disruptions to the company’s business operations,” Tarditi added.
The attack follows a spree of malicious activity targeting multiple U.S.-based retailers. The cybercrime group Scattered Spider shifted its focus to U.S. retailers after a previous wave of ransomware and extortion attacks hit retailers, including grocery stores in the United Kingdom, resulting in system outages and empty store shelves.
Mandiant noted the shift from U.K.- to U.S.-based retailers in early May and said it was aware of fewer than 10 U.S. retailers impacted by attacks linked to associates of Scattered Spider, a group it tracks as UNC3944, at that time.
Researchers have yet to attribute the attack on United Natural Foods to a specific threat group, but the circumstances bear strong similarities and follow the pattern of recent Scattered Spider activities.
The cybercrime outfit historically targets one sector, or industries with strong overlap, concurrently and seeks out methods to amplify disruption to pressure victim organizations to pay its extortion demands.
“We’ve definitely seen actors interested in disruption, from criminals to state actors, take a special interest in logistics,” John Hultquist, chief analyst at Mandiant, told CyberScoop.
United Natural Foods distributes a broad range of about 250,000 products from more than 11,000 suppliers to 30,000 customer locations in North America. The company, which is scheduled to report quarterly earnings on Tuesday, said it has implemented workarounds for certain operations where possible.
“As soon as we discovered the activity, an investigation was initiated with the help of leading forensics experts and we have notified law enforcement,” a spokesperson for United Natural Foods said in a statement. “We are assessing the unauthorized activity and working to restore our systems to safely bring them back online.”
The company said an investigation into the impact and scope of the incident is in its early stages and remains ongoing.
Whole Foods, which has a wholesale grocery distribution contract with United Natural Foods through mid-2032, did not respond to a request for comment. The Amazon-owned grocery store chain currently operates more than 520 stores in the United States.
