Scattered Spider Targets U.S. Retailers in New Cyber Campaign

Trending News

Changes to Civil Rights Enforcement: New Executive Order Eliminates Disparate-Impact Liability in Federal Regulations

How Are Family Offices Building Smarter Wealth? Structural Alpha (11 Examples)

DOJ Rule Restricting Sensitive Data Transfers Takes Effect

The Trump Administration’s Diversity, Equity, and Inclusion (DEI) Executive Orders: A Brief Primer

Trump Administration Announces "Reciprocal" Tariffs

What Every Multinational Company Should Know About … The Global and Reciprocal Tariffs Announcement

Blockading the Ports: U.S. Imposes 10% Global Tariff; Higher Reciprocal Tariff Rates by Country

Fifth Circuit Court of Appeals Negates Ruling on Federal Contractor Minimum Wage

New Executive Order Rescinds the $17.75 Per Hour Federal Contractor Minimum Wage

Medicare Telehealth Gets Another Temporary Lifeline – Will Congress Make it Permanent?

Linn F. Freedman

Email

401-709-3353

Bio and Articles

Find Your Next Job !

Attorney Represented Bodily Injury Adjuster I, II or Sr

Early Career Trial Attorney - Las Vegas, Nevada (Remote)

Legal Secretary / Typist

Explore More Job Openings

U.S. Retailers Bracing for Scattered Spider Attacks

by: Linn F. Freedman of Robinson & Cole LLP - Data Privacy + Security Insider

Thursday, May 29, 2025

Print Mail Download info_icon_img

info_icon_img

Google sent out a warning that the cybercriminal group Scattered Spider is targeting U.S.-based retailers. Scattered Spider is believed to have been responsible for the recent attack on Marks & Spencer in the U.K. A security researcher at Google has posited that Scattered Spider concentrates attacks on one industry at a time and predicts that it will continue to target the retail sector. They have warned that “US retailers should take note. These actors are aggressive, creative, and particularly effective at circumventing mature security programs.”

Mandiant issued a threat intelligence report on May 6, 2025, highlighting Scattered Spider’s social engineering methods and “brazen communication with victims.” It has seen Scattered Spider target specific sectors, such as financial services and food services. Recently, Scattered Spider has been seen deploying DragonForce ransomware. The operators of DragonForce have claimed control of RansomHub.

Mandiant has published recommendations on proactive hardening against the tactics used by Scattered Spider, including prioritizing:

Identity
Endpoints
Applications and Resources
Network Infrastructure
Monitoring / Detections

Although retailers should be on high alert with these warnings, all industries would do well to review Mandiant’s recommendations, as they are timely and effective.

Current Public Notices

Post Your Public Notice Today!

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: 600 Partners LLC

Published: 29 May, 2025

PUBLIC NOTICE OF UCC SALE: Industrial Systems Technology Company

Published: 28 May, 2025

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: CCP Mezzanine Nashville I, LLC

Published: 28 May, 2025

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: Spartan Group Holdings & Affiliated Companies

Published: 28 May, 2025

PUBLIC NOTICE OF DISPOSTITON OF COLLATERAL: 1800 -1818 N. 4th LLC

Published: 23 May, 2025

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: TrueNorth Projects, LLC

Published: 22 May, 2025

PUBLIC NOTICE OF DISPOSITON OF COLLATERAL: Barber Directory, Inc

Published: 19 May, 2025

PUBLIC NOTICE OF 363 SALE: Elmer Buchta Trucking

Published: 31 March, 2025

PUBLIC NOTICE OF UCC ARTICLE 9 SALE: PHILLIPS AMSTERDAM II LLC

Published: 31 March, 2025

Discover more public notices

Current Legal Analysis

Supreme Court Restores Agency Deference In NEPA Reviews

by: Jennifer Brough

Court Strikes Down Fentanyl and Reciprocal Tariffs, but Appeals Court Temporarily Stays Impact

by: Lydia C. Pardini , Deanna Tanner Okun

Talc Safety Subject of New Independent Scientific Expert Panel Led by FDA

by: Jeffrey Kluger

CFPB Seeks to Vacate Open Banking Rule

by: A.J. S. Dhaliwal , Mehul N. Madia

Maryland Enacts Earned Wage Access Law

by: A.J. S. Dhaliwal , Mehul N. Madia

More from Robinson & Cole LLP

Janie & Jack’s Alleged CIPA Violations Consolidated, Thus Avoiding Over 2,000 Individual Arbitration Claims

by: Kathryn M. Rattigan

State Data Minimization Laws Spark Compliance Uncertainty

by: Kathryn M. Rattigan

Four New Executive Orders Aim to Unleash U.S. Nuclear Energy

by: Kathryn Hinton

50% of Professional Services Users Have Used AI Tools Not Authorized by Company

by: Linn F. Freedman

CMS Issues Guidance and Requests Information to Promote Hospital Price Transparency Compliance and Enforcement Efforts

by: Conor O. Duffy

Filing EEO-1 Reports in 2025: Key Points Employers Need to Know

by: Abby M. Warren

DOJ Announces Long-Awaited Corporate Enforcement Priorities

by: Seth B. Orkand , Julianna M. Charpentier

Clock Ticking: DOJ’s New Data Security Rule Requires Compliance by July 8

by: Kathryn M. Rattigan

College Student Behind Cyber Extortions

by: Linn F. Freedman

Data Breach Lawsuits Surge Against Chord Specialty Dental Partners

by: Kathryn M. Rattigan

Getting Too Personal? Illinois Court Says Family Medical History is Genetic Information

FTC Order with GoDaddy Finalized Over Lax Data Security

by: Linn F. Freedman

Bipartisan Take It Down Act Becomes Law

by: Linn F. Freedman

Upcoming Events

May

30

2025

Energy Transition: Winds of Change | Technology and Policy Implications in the New Market

Jun

3

2025

FDA Update: Commissioner Makary at Month Three

Jun

3

2025

Labor and Employment Law Mid-Year Update Webinar

Jun

4

2025

Government Involvement in the Mortgage Market and Ginnie Mae

Print