Investigators in the UK detain four individuals in the course of an investigation into a series of cyberattacks targeting retail companies.

Investigators in the UK detain four individuals in the course of an investigation into a series of cyberattacks targeting retail companies.

**Breaking News: Four Suspected Members of Cybercrime Collective Scattered Spider Arrested in the U.K.**

In a significant development, four individuals, aged 19, 17, 20, and 23, were arrested in the U.K. on Thursday as part of an ongoing investigation into high-profile cyberattacks on retail giants Harrods, Marks & Spencer, and Co-op in April.

The suspects are believed to be affiliated with Scattered Spider, a decentralised collective with English-speaking members across the U.K. and the U.S., making it unclear whether the arrested individuals were involved in additional attacks.

The National Crime Agency (NCA) is leading the investigation, with assistance from the West Midlands Regional Organised Crime Unit and the East Midlands Special Operations Unit. The arrested individuals are suspected of violating the Computer Misuse Act, blackmail, money laundering, and participating in organized crime activities.

Multiple electronic devices were seized during the arrests for forensic analysis. The NCA's Deputy Director, Paul Foster, stated that the investigation remains one of the agency's highest priorities.

Co-op, one of the retail giants targeted in the cyberattacks, has been actively engaged with the NCA and relevant authorities. Meanwhile, the FBI appreciates the work of the UK partners in combating cyber threats and remains committed to supporting and coordinating with foreign partners to disrupt the cybercrime ecosystem.

Scattered Spider, an offshoot of a larger network known as "The Com," has been involved in various cybercrimes, including social engineering, phishing, and ransomware attacks. The group operates with a tiered structure, featuring a tight inner circle and a larger, more fluid pool of members.

The group is known for its highly effective social engineering tactics, particularly voice phishing, where they impersonate employees to gain initial access to systems. Once inside, they deploy ransomware and can cripple server environments quickly—sometimes within 24 hours.

Since 2022, Scattered Spider has compromised more than 100 businesses, including notable hospitality companies like Caesars Entertainment and MGM Resorts in 2023. Their attacks have continued into 2025, affecting retailers, insurance companies, airlines, and other sectors.

International collaboration in combating Scattered Spider is crucial. Companies are advised to reinforce their security protocols, particularly focusing on vulnerable help desk systems and multifactor authentication processes. Additionally, awareness and training for employees on social engineering tactics can reduce the risk of successful attacks.

While specific details on international cooperation efforts against Scattered Spider are limited, cybersecurity firms and researchers are actively monitoring and analyzing the group's activities to develop targeted strategies to combat their attacks.

Charles Carmakal, CTO at Mandiant Consulting, stated that the aggressive social engineering tactics and relentless pursuit of access by Scattered Spider have resulted in significant damage to organisations in the U.K. and U.S. The action by law enforcement underscores the critical importance of international collaboration in combating cybercrime.

A 23-year-old from Scotland, previously associated with Scattered Spider, was extradited to the U.S. in April after being held in Spain since last year. This arrest marks a significant step in the probe, but work continues to identify and arrest more suspected hackers.

Sources: [1] Mandiant Threat Intelligence Report, Q4 2023 [2] Mandiant Threat Intelligence Report, Q1 2024 [3] Mandiant Threat Intelligence Report, Q2 2024 [4] CyberCube Analytics, Scattered Spider Threat Assessment, 2025

1. In the ongoing investigation into the cyberattacks on retail giants, there has been a heightened focus on the use of phishing tactics by cybercriminals, specifically Scattered Spider, which has been implicated in social engineering, ransomware, and other forms of cybercrime.
2. The executed arrests of four suspected members of Scattered Spider serve as a reminder that cybersecurity in general-news and technology sectors is vulnerable to various threats such as blackmail, money laundering, and organized crime activities, all of which contribute to crime-and-justice issues.
3. As part of the effort to stem the tide of cybercrime, an increased emphasis is being placed on technology and cybersecurity measures, including reinforcing security protocols, safeguarding vulnerable help desk systems, and implementing multifactor authentication processes to protect against current and future threats posed by groups like Scattered Spider.
4. With Scattered Spider targeting a wide range of sectors such as retail, hospitality, insurance, airlines, and more, international collaboration remains essential for effective cooperation in the global fight against cybercrime, thus enhancing overall privacy and security for citizens worldwide.

Read also: