Hackers Claim Responsibility for Belk Data Breach
DragonForce, a notorious cyber criminal group, has claimed responsibility for the recent data breach at Belk, a popular department store chain based in North Carolina. This latest attack is part of a months-long spree of attacks targeting retail firms in the UK and US, which has already claimed several high-profile victims.
The group, known for its aggressive tactics and ability to adapt, posted on its leak site that it had stolen approximately 156 gigabytes of data from Belk. This revelation comes after DragonForce was linked to an April attack on Marks & Spencer, one of the first breaches in this ongoing campaign.
Researchers at Sophos have confirmed that DragonForce operates as a Ransomware-as-a-Service (RaaS) platform, allowing various groups to pay for affiliate access to its leak site. This means that each victim could be posted by a different affiliate, making it challenging to immediately draw links between individual victims.
According to Sophos researchers, the data was accessed in early May, and DragonForce had listed approximately 136 victims on its leak site as of March. The attack spree has already claimed notable retailers such as Harrods department store in the UK, Victoria's Secret, and Whole Foods distributor United Natural Foods.
Scattered Spider, a separate group linked to this campaign, has since turned its attention to the insurance and airline industries. Belk, with over 300 stores across 16 southeastern states, is the latest addition to the list of targeted retailers.
"DragonForce operates as Ransomware-as-a-Service — meaning various groups can pay for affiliate access to DragonForce's leak site," explained Chris Yule, director of threat research at Sophos. "Each victim could be posted by a different affiliate, making it hard to immediately draw links between individual victims that appear on the site."
The attack on Belk highlights the evolving nature of cyber threats and the need for retailers to stay vigilant in protecting their data. As the situation continues to unfold, cybersecurity experts will be monitoring the situation closely.