💰💣

Trustwave Security Incident

Q3 2023 915 days ago Resolved

Incident Overview

Situation Description

Trustwave SpiderLabs has provided insights into the threat group Scattered Spider, detailing their history, modus operandi, and mitigation strategies, particularly in light of recent attacks on UK retailers.

Event Types

Ransomware Malware / Destructive Attack

Industry Sector

Retail

Geographic Scope

National (UK)

Response Actions

Implemented Advanced Authentication Enhanced Third-Party & Supply Chain Risk Management Conducted Employee Training

Impact Analysis

Event Types (2 identified)

Ransomware Malware / Destructive Attack

Financial Impact

$0 USD

Records Affected

Data Types Compromised

Intellectual Property Credentials Operational / System Data

Primary Impacts

Operational Disruption Financial Loss

Key Decisions Made

Implement and enforce strong Multifactor Authentication (MFA) for all users, monitoring for MFA fatigue attacks.; Collect and analyze logs comprehensively from critical systems, including Windows Event Logs, CloudTrail, Azure Activity Log, Okta logs, and firewall/network logs.; Train employees on phishing and social engineering tactics, emphasizing caution with MFA requests.

Technical Analysis

Attack Method

Phishing

Threat Actor Attribution

Scattered Spider UNC3944 Muddled Libra 0ktapus Scattered Swine

Vulnerability / Tool

CVE-2021-35464

Additional Information

Home Resources Trustwave Blog Trustwave SpiderLabs Insights, History, and Mitigations for Scattered Spider May 02, 2025 6 Minute Read The UK retail market has been thrown into turmoil in recent weeks, with three of that nation's highest-profile retailers being targeted allegedly by the well-known threat group Scattered Spider in at least one of the most disruptive incidents. Trustwave SpiderLabs has tracked Scattered Spider for more than a year and has created a detailed profile of the threat group, how it operates, its members, preferred targets, and has a long list of protective measures that an organization should have in place to help remain safe. Many of the indicators SpiderLabs has reported match the current situation impacting the UK retail sector. Background on the Recent Attacks Marks & Spencer (M&S) confirmed on April 21 that it had been attacked, with Harrods and Co-op reporting similar incidents in the following days. M&S was forced to shut down contactless payments and click-and-collect orders, as well as delaying online deliveries, according to published reports . Harrods has claimed to have stopped an intrusion attempt and is operating normally. Another attack forced food retailer Co-op to disconnect certain systems earlier this week after experiencing attempts to gain unauthorized access to some of our systems. Only the M&S attack has been attributed to Scattered Spider. However, the timing and nature of the other attacks do bear some of the hallmarks of a Scattered Spider incident. The NCSC has issued a warning to all retailers to bolster their cybersecurity defenses in light of these events, emphasizing the need for vigilance and robust incident response plans as the investigations continue to unfold. All the information below is derived from a Trustwave SpiderLabs investigation into Scattered Spider. Who is Scattered Spider? Trustwave SpiderLabs' in-depth research has found Scattered Spider, which is also known as UNC3944, Muddled Libra,...

... (truncated for display)

Quick Facts

Company:: Trustwave
Date:: Q3 2023
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 2/05/2025

Source Information

Original Query

DOJ indictment details for Scattered Spider members and tactics

View Original Source

Timeline

Information Published

2/05/2025

Incident Occurred

Q3 2023 (915 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats