Hackers who recently attacked UK retail systems are now turning their focus to American companies, according to Google.
This escalation has stressed the urgent need for large retail operators across the United States to be more careful and cautious, watching out for possible vulnerabilities.
In a direct alert issued on Wednesday, John Hultquist, a senior analyst at Google’s cybersecurity division, stated: “U.S. retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”
The warning follows a string of successful cyberattacks on British retailers, including Marks & Spencer, whose online operations have remained paralysed since April 25. These attacks have been traced back to a group linked to the cybercriminal collective known as “Scattered Spider.”
This loosely organised network is made up of hackers of varying skill levels. While the structure may seem scattered, the execution of their campaigns has been anything but. Their strategy is to target one sector, exploit its weaknesses, then move on. Right now, that sector is retail.
Scattered Spider is no newcomer to headline-making breaches. In 2023, they infiltrated U.S. casino giants like MGM Resorts International and Caesars Entertainment, causing significant financial and operational disruption. The shift to retailers suggests a deliberate and calculated evolution in their approach.
We’ve seen this before, hackers pushing through what should be solid security systems, often using creative methods like phishing, social engineering, and credential theft. The Scattered Spider-linked attackers aren’t simply opportunists, but tactically selecting targets and dismantling them with precision.
The issue isn’t just technical. Law enforcement agencies, including the FBI and the Cybersecurity and Infrastructure Security Agency (CISA), have been unable to contain the group. Their flexibility, the youth of many members, and the unwillingness of victims to cooperate have all hindered investigations. Neither the FBI nor CISA have provided public updates on the matter.
Retail industry platforms in the U.S. are taking the threat seriously. Christian Beckner, vice president at the National Retail Federation, confirmed that his organisation has been actively monitoring the UK incidents. “We’ve been closely tracking everything going on in the UK over the past few weeks,” he said. “There aren’t geographic boundaries on these threats.”
Meanwhile, the Retail & Hospitality Information Sharing and Analysis Centre (ISAC), which includes members such as Costco, McDonald’s, Lowe’s, and Albertsons, is now coordinating with Google to brief its members and strengthen defences.
Beyond a random cyber attack, we are looking at a sustained campaign targeting a specific sector with high-value data and operational exposure. If this is not resolved, we could be seeing a major escalation in the cybersecurity sector.
