14 hours Ago
The British teen 'Scattered Spider' hackers 'behind M&S cyber attack' as experts tell customers to change passwords and issue warning over 'ransomware' threat to UK retailers By TOM COTTERILL Published: 12:58 BST, 30 April 2025 | Updated: 13:00 BST, 30 April 2025 e-mail 1 View comments British teenagers have been linked to the notorious Scattered Spider hacking group suspected of being responsible for the cyber attack that continues to cripple Marks & Spencer. The gang of cyber criminals is believed to be largely made up of English-speaking teenagers and young men, predominantly from the UK and US. Online security experts fear the hackers could strike again and have warned Brits to change their passwords to avoid falling victim to future 'ransomware' attacks.
The shadowy collective is thought to have an army of 1,000 hackers worldwide and has been linked with major heists that have seen firms blackmailed for millions. Previous arrests have seen alleged members of the criminal outfit from the UK being detained by cops. Among them is Tyler Robert Buchanan .
The 23-year-old is alleged to be Scattered Spider's leader. He was arrested at a Spanish airport in June last year. Scotsman Buchanan is alleged to have been behind the 2023 hack of Las Vegas casino operators Caesar's Entertainment and MGM Resorts International.
US prosecutors also claim he was part of a sophisticated £9million cryptocurrency fraud, which saw victims being sent phishing text messages warning their accounts would be closed. British teenagers have been linked to the notorious Scattered Spider hacking group responsible for the cyber attack that continues to cripple Marks & Spencer. Among them is Tyler Robert Buchanan.
The 23-year-old is alleged to be Scattered Spider's leader. He was arrested at a Spanish airport in June last year (pictured is his arrest) The link directed them to a legitimate-looking website which they then entered their personal details in. It's alleged the hacking gang then seized these details and used them to pilfer £9million worth of virtual currency.
Buchanan, of Dundee, was arrested in Spain earlier this year while on his way to Italy and is in custody awaiting extradition to the US to face charges of conspiracy to commit wire fraud, conspiracy, wire fraud, and aggravated identity theft. Earlier this month he was charged alongside four American men, all of whom are below the age of 25. Should he be convicted in the US, he could face 47 years in jail.
Last year, a 17-year-old boy from Walsall was also arrested in connection with the same Las Vegas cyber attack. He was detained by police last July on suspicion of Blackmail and Computer Misuse Act offences before being bailed pending further enquiries. The boy is still under investigation, the National Crime Agency (NCA) confirmed to MailOnline today.
Officers from the Regional Organised Crime Unit for the West Midlands (ROCUWM) joined officers from the NCA, in coordination with the United States Federal Bureau of Investigation (FBI) to carry out the strike. Speaking at the time, Detective Inspector Hinesh Mehta, cyber crime unit manager, at ROCUWM, said: 'These cyber groups have targeted well known organisations with ramsomware and they have successfully targeted multiple victims around the world taking from them significant amounts of money. 'We want to send out a clear message that we will find you.
It's simply not worth it.' The alleged hack has cause mayhem for Marks & Spencer which has been unable to process online orders for days now Read More British man accused of being part of a hacking group who carried out a £9m cryptocurrency scam Bryan Vorndran, assistant director of FBI's cyber division, said: 'Today's arrest is a testimony to the strength of the FBI's domestic, international, and private sector partnerships.' M&S has faced a week of mayhem following the cyber attack over the Easter weekend.
Trade website Bleeping Computer said 'multiple sources' pointed to Scattered Spider having gained access to M&S's servers as far back as February before putting their plan into action over the bank holiday. As a result M&S paused its click-and-collect service, where customers order items online for collection from a shop. These orders are still being face disruption.
Julius Cerniauskas, chief executive of web intelligence experts Oxylabs, feared other firms could soon be targeted by hackers seeking to cause similar cyberspace chaos. 'Following the M&S cyber attack and the potential involvement of hacking group, Scattered Spider, all major UK retailers will be seriously worried if they'll be tangled in the web next,' he warned. 'The impact on the M&S share price shows the damage these attacks can do and will have many corporate retailers working day and night to ensure they do not suffer a similar fate.
Marks and Spencer says it is battling to restore its services following the Easter cyber hack Read More Notorious hackers are 'behind M&S cyber raid': Retail giant calls in Scotland Yard 'Ransomware gangs typically target companies like Marks & Spencer with the aim of causing maximum disruption to force a quick payout. By freezing critical systems, criminals create chaos for both customers and the business - affecting online orders, payments, and store operations. 'Their goal is simple: the greater the disruption, the greater the pressure on the company to pay the ransom.
'While it appears M&S has regained some control, preventing the situation from escalating further will depend on thorough system cleansing, patching vulnerabilities, and ensuring no backdoors have been left behind by the attackers.' Experts say criminal outfits like the Scattered Spiders pose a 'sophisticated threat' to the public and to businesses worldwide. Such cyber hackers typically demand up to £10million in ransom for returning full access to firms, say industry sources.
No arrests have been made over the M&S hack, a Met spokesman confirmed, adding: 'Detectives from the Met's cyber crime unit are investigating. Inquiries continue.' Detectives have been working alongside the National Cyber Security Centre and data watchdog the Information Commissioner's Office (ICO).
Marks & Spencer would not share details last night nor speculate on the culprit or confirm whether it has paid a ransom. In hacks such as this, criminals typically infiltrate an IT system, freeze it and demand payment from companies. An alleged cyber attack which has crippled Marks & Spencer has been linked to notorious teenage hacking gang, Scattered Spider.
Scotland Yard is now investigating It's believed ransomware called DragonForce may have been used in the attack on M&S, which has cost the retailer millions in lost sales and lower share prices. Ciaran Martin, the founding chief executive of the National Cyber Security Centre, said it had 'serious' consequences for the grocer. 'This is a pretty bad episode of ransomware,' he said.
'It is a highly disruptive event and a very difficult one for them to deal with.' It's unclear how long it will take for M&S to recover its systems. However, expert Lisa Forte - a partner at cyber security firm Red Goat - said getting anything back online in a week is 'never going to happen'.
'I don't know one organisation that could do it,' she told the BBC . A ransomware attack - described as like being a 'digital bomb' going off by one expert - could take weeks to fix. Official advice is not to pay, as you would be putting trust in a criminal gang who may not be true to their word in releasing the files and systems they have taken 'hostage'.
Tech experts are also warning people to change their online passwords to strengthen their own digital security. Las Vegas FBI Marks and Spencer Advertisement Share or comment on this article: The British teen 'Scattered Spider' hackers 'behind M&S cyber attack' as experts tell customers to change passwords and issue warning over 'ransomware' threat to UK retailers e-mail Add comment Comments 1 Share what you think Newest Oldest Best rated Worst rated View all The comments below have not been moderated. View all The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.
Add your comment Enter your comment By posting your comment you agree to our house rules . Submit Comment Clear Close Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual. No Yes Close Do you want to automatically post your MailOnline comments to your Facebook Timeline? Your comment will be posted to MailOnline as usual We will automatically post your comment and a link to the news story to your Facebook timeline at the same time it is posted on MailOnline.
To do this we will link your MailOnline account with your Facebook account. We’ll ask you to confirm this for your first post to Facebook. You can choose on each post whether you would like it to be posted to Facebook.
Your details from Facebook will be used to provide you with tailored content, marketing and ads in line with our Privacy Policy ..
