Overview

• Alphabet’s Google has alerted U.S. retailers that the hacking group Scattered Spider is actively targeting their sector with ransomware and extortion schemes.
• Scattered Spider, responsible for paralyzing UK retailers like Marks & Spencer, has shifted its focus to American retail companies as of mid-May 2025.
• The group uses advanced social engineering tactics, including phishing, SIM-swapping, and MFA-bombing, to breach security systems.
• Law enforcement faces challenges in addressing the group due to its decentralized structure, young operators, and limited cooperation from victims.
• Google cybersecurity analyst John Hultquist warns that Scattered Spider's sector-specific strategy suggests retail will remain a primary target for the foreseeable future.