Scattered Spider Moves Beyond the UK, Places Crosshairs on US Companies

A new threat has emerged in the world of cybersecurity, with Google's Threat Intelligence Group warning that Scattered Spider, a known ransomware collective, is expanding its target scope beyond the UK. According to the group, US retailers should take note, as they are being targeted by operations linked to UNC3944, also known as Scattered Spider.

"The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider," said John Hultquist, Chief Analyst at Google Threat Intelligence Group. "Scattered Spider has returned after a long hiatus to target multiple firms."

Scattered Spider is not as tightly-knit as organizations such as LockBit or Cl0p, but it operates within a larger hacking community known as "the Com". Its members engage in various types of attacks, including social engineering and SIM swapping, as well as ransomware.

The group's usual targets are financial institutions, technology firms, and entertainment/gambling organizations. However, recent attacks have shown that Scattered Spider is not limited to these sectors.

In 2025, some of Scattered Spider's victims included Chick-fil-A, Forbes, Instacart, New York Digital Investment Group, News Corporation, Nike, Twitter/X, Tinder, T-Mobile, and Vodafone. Among the retailers targeted this year, BleepingComputer singled out Marks & Spencer, Co-op, and Harrods.

In all of these attacks, the threat actors used DragonForce - a ransomware operation that emerged in December 2023 and gained some notoriety since then.

The UK National Cyber Security Centre (NCSC) has published new guidance to help UK firms defend against Scattered Spider. The organization urged the retail sector to "wake up" and tighten up on security. However, it is unclear whether these attacks are linked or if this is a concerted campaign by a single actor.

"Whilst we have insights, we are not yet in a position to say if these attacks are linked, if this is a concerted campaign by a single actor, or whether there is no link between them at all," said the NCSC. "We are working with the victims and law enforcement colleagues to ascertain that."

As a seasoned freelance journalist covering IT and cybersecurity topics, I can confirm that Scattered Spider's expansion into new markets highlights the need for businesses to stay vigilant and proactive in defending against cyber threats.

Protect Yourself from Cyber Threats

If you are a business owner or an individual concerned about your online security, here are some tips to protect yourself:

  • Create strong passwords and use two-factor authentication.
  • Keep your software and operating system up-to-date with the latest security patches.
  • Use reputable antivirus software and a VPN when browsing the internet.
  • Regularly back up your data to ensure you can recover in case of an attack.

By taking these steps, you can significantly reduce your risk of falling victim to Scattered Spider or other cyber threats.

About the Author

I am Sead, a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. I cover IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). With over a decade of experience writing for various media outlets, including Al Jazeera Balkans, I'm committed to providing accurate and engaging content on the latest cyber threats and their implications.