Four Arrested in £440M Cyber Attack on Major Retailers Marks & Spencer, Co-op, and Harrods

 
Jul 10, 2025
Cybercrime / Ransomware

The U.K. National Crime Agency (NCA) announced on Thursday the arrest of four individuals linked to cyber attacks against prominent retailers including Marks & Spencer, Co-op, and Harrods. The suspects, consisting of two 19-year-old men, a 17-year-old male, and a 20-year-old woman, were apprehended in the West Midlands and London on charges relating to the Computer Misuse Act, blackmail, money laundering, and involvement in organized crime. All four were arrested at their residences, and their electronic devices have been confiscated for forensic examination. Their identities have not been released. Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, emphasized that “since these attacks occurred, our dedicated cybercrime investigators have been working swiftly, making this investigation a top priority.” He stated, “Today’s arrests mark a significant advancement in our efforts.”

Four Individuals Arrested in £440M Cyber Attack on Major UK Retailers

On July 10, 2025, the U.K. National Crime Agency (NCA) announced the arrest of four individuals in connection with a substantial cyber attack that targeted prominent retailers, including Marks & Spencer, Co-op, and Harrods. The suspects, two 19-year-old men, a 17-year-old male, and a 20-year-old woman, were detained in the West Midlands and London. They face serious charges under the Computer Misuse Act, including offenses related to blackmail and money laundering, as well as involvement in organized crime activities.

The operation to apprehend the suspects took place at their residences, where authorities seized electronic devices for forensic examination. While the identities of the individuals have not been publicly disclosed, this operation highlights the ongoing effort by the NCA to combat significant cyber threats.

Paul Foster, Deputy Director and head of the NCA’s National Cyber Crime Unit, emphasized the importance of these arrests. He stated, “Since these attacks occurred, specialist NCA cybercrime investigators have been working diligently, and this investigation remains one of the Agency’s top priorities.” The arrests are seen as a critical advancement in efforts to address the escalating threat posed by cybercriminal networks.

The cyber attack has been described as one of the most extensive in the U.K., with estimated damages amounting to £440 million. Industry experts suggest that the methodologies employed in this attack may align with several tactics identified in the MITRE ATT&CK framework. Initial access into the systems of these high-profile retailers may have involved phishing or exploiting software vulnerabilities, a common tactic that enables adversaries to gain entry to secure environments.

Once inside, the attackers likely employed techniques related to persistence and privilege escalation. Such methods are crafted to establish a foothold and navigate through a network without detection, potentially allowing them to access sensitive data or manipulate systems for financial gain. The scale of the attack indicates that the perpetrators were well-organized, utilizing sophisticated tools and strategies to maintain their operations over an extended period.

As businesses increasingly rely on digital infrastructures, incidents like this underscore the necessity for robust cybersecurity protocols. The exposure of reputable brands to such attacks serves as a stark reminder of the vulnerabilities present across various sectors. Ongoing investigations by the NCA and other law enforcement agencies are crucial in addressing these cyber threats, but it is equally essential for business owners to remain vigilant and informed about the evolving landscape of cybersecurity risks.

In conclusion, as the analysis of the NCA’s findings continues, the focus remains on preventing future incidents and protecting both organizations and consumers from the impact of cybercrime. This event not only raises awareness but also calls for a proactive stance in developing defenses against such pervasive threats in an increasingly digital world.

Source link

Related Posts

E.U. Imposes Sanctions on 3 Russian Nationals for Cyberattacks Against Estonia’s Key Government Ministries

Jan 28, 2025 – Cybersecurity / Cyber Espionage

The Council of the European Union has sanctioned three Russian nationals for their involvement in “malicious cyber activities” targeting Estonia. The individuals—Nikolay Alexandrovich Korchagin, Vitaly Shevchenko, and Yuriy Fedorovich Denisov—are identified as officers of the Russian Armed Forces’ GRU Unit 29155. According to the council’s decision, these individuals are responsible for cyberattacks aimed at compromising the computer systems of various Estonian institutions to gather intelligence on the country’s cyber security policies.

These cyber intrusions provided unauthorized access to classified and sensitive information within several government ministries, including Economic Affairs and Communications, Social Affairs, and Foreign Affairs, resulting in the theft of thousands of confidential documents, including business secrets and proprietary data.

Fake Google Chrome Websites Distribute ValleyRAT Malware Through DLL Hijacking

February 6, 2025
Cyber Attack / Malware

Fraudulent websites posing as Google Chrome have been employed to spread malicious installers for a remote access trojan known as ValleyRAT. First identified in 2023, this malware is linked to a threat actor referred to as Silver Fox, whose previous operations primarily targeted Chinese-speaking regions, including Hong Kong, Taiwan, and Mainland China. According to Morphisec researcher Shmuel Uzan, “This actor has increasingly focused on key organizational roles—especially in finance, accounting, and sales—underscoring a strategic emphasis on high-value positions with access to sensitive data and systems.” Early cyber attack sequences have shown ValleyRAT being delivered alongside other malware types, such as Purple Fox and Gh0st RAT, the latter having been widely utilized by various Chinese hacking groups. Just last month, counterfeit installers for legitimate software were identified as a distribution method for these attacks.

Cybercriminals Leverage ClickFix Technique to Distribute NetSupport RAT in Recent Attacks

February 11, 2025
Malware / Cyber Attack

In a disturbing trend since early January 2025, cybercriminals have been utilizing the ClickFix method to distribute a remote access trojan known as NetSupport RAT. This malware, often spread through deceptive websites and fraudulent browser updates, provides attackers with full control of the victim’s device. This access allows them to monitor the screen in real time, manipulate the keyboard and mouse, upload and download files, and execute harmful commands.

Originally developed as a legitimate tool for IT support under the name NetSupport Manager, the software has been weaponized by malicious actors to target organizations and harvest sensitive information, including screenshots, audio, video, and files. According to eSentire, “ClickFix involves injecting a fake CAPTCHA webpage onto compromised sites, tricking users into executing malicious PowerShell commands that download and activate malware payloads.”