Ransomware

Scattered Spider suspected to be behind Marks & Spencer compromise


Outages at major UK multinational food and clothing retailer Marks & Spencer since last week have been attributed to an attack by the hacking collective Scattered Spider, according to BleepingComputer. The company initially reported that the attack disrupted its contactless payment and online ordering systems. Scattered Spider, also known as 0ktapus, Octo Tempest, Muddled Libra, Scatter Swine, and UNC3944, first compromised M&S using a stolen Windows domain's NTDS.dit file containing Windows account password hashes, noted sources close to the investigation into the incident. The hashes were later leveraged for lateral movement and data exfiltration before the eventual distribution of the DragonForce encryptor to VMware ESXi hosts on Thursday. The development comes more than a year after Scattered Spider first dabbled in social engineering intrusions following initial social media and financial fraud attacks, with the group targeting MGM Resorts with the BlackCat ransomware in September 2023.
