UK police arrest four in connection with M&S, Co-op, and Harrods cyberattacks

Four people have been arrested as part of a police investigation into cyberattacks that disrupted the operations of retailers Marks & Spencer, the Co-op, and Harrods, Britain's National Crime Agency said.

The cyberattack on M&S was the most serious, costing it about £300 million ($409 million) in lost operating profit.

The NCA said two males aged 19, another aged 17, and a 20-year-old female were apprehended in the West Midlands, central England, and London on Thursday on suspicion of Computer Misuse Act offences, blackmail, money laundering, and participating in the activities of an organized crime group.

According to the BBC, one of the suspects, the 19-year-old, is from Latvia. The rest are from the UK.

“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency's highest priorities,” said Deputy Director Paul Foster, head of the NCA's National Cyber Crime Unit.

“Today's arrests are a significant step in that investigation but our work continues, alongside partners in the UK and overseas, to ensure those responsible are identified and brought to justice.”

The NCA said all four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis.

They remain in custody for questioning by officers from the NCA's National Cyber Crime Unit. Presumably, all those arrested belong to Scattered Spider, a cybercrime gang, which has been sharpening its phishing campaigns to attack big businesses in recent months.

According to Charles Carmakal, CTO, Mandiant Consulting, the arrests of alleged Scattered Spider members is a significant win in the ongoing fight against this collective.

"Their aggressive social engineering tactics and relentless pursuit of access have proven particularly challenging for many defenders and resulted in considerable damage to organizations in the UK and US," said Carmakal.

"This action by law enforcement underscores the critical importance of international collaboration in combating cybercrime. Previous arrests have impacted their operations, causing a significant lull in activity."

The chairman of M&S Archie Norman told MPs this week that it felt like the hack was an attempt to destroy the business.

The NCA said all four were arrested at their home addresses and had their electronic devices seized for digital forensic analysis.

Clearly aggrieved, he also said that UK businesses and organizations should be legally required to report any major cyberattack that significantly impacts their operations.

Norman told the UK’s Business and Trade Sub-Committee on Economic Security, Arms and Export Controls that he had learned that “quite a large number” of serious cyberattacks never get reported to the National Cyber Security Centre.