Hackers responsible for a series of destructive, financially driven assaults on some of the United Kingdom's leading retailers are now targeting major American firms, Google noted earlier this week.
“Major American retailers have already been targeted,” John Hultquist, the chief analyst for Google’s Threat Intelligence Group, told NBC News.
In recent weeks, cyberattacks have targeted at least three major British retailers. Marks & Spencer had to pause online orders for several weeks. Hackers contacted the BBC and presented evidence of "huge amounts of customer and employee data" stolen from the Co-op Group. The third, Harrods, blocked certain internet access at store locations, although a spokesperson told NBC News that there is no proof that consumer data was stolen.
Hultquist declined to identify specific American retailers the hackers may be targeting. The National Retail Federation, which represents thousands of firms such as Walmart and Target, acknowledged the threat.
“U.S.-based retailers are aware of the threats posed by cybercriminal groups that have recently attacked several major retailers in the United Kingdom, and many companies have taken steps to harden themselves against these criminal groups’ tactics over the past two years,” Christian Beckner, the NRF's vice president of retail technology and cybersecurity, stated.
Google, one of the world's top tech firms, supplies cloud storage, networking, and security measures to some of the world's largest retailers, giving it significant insight into how hackers operate. It's unclear whether the hackers targeted retail organisations for technical reasons, such as a vulnerability in a standard industry software program.
In recent years, for-profit hackers have demonstrated their ability to gain access to major firms' computer systems and profit by holding data and entire networks for ransom. The hacking effort in the United Kingdom is strikingly similar to the one that caused parts of some Las Vegas casinos to close in 2023.
As a result, MGM Resorts, the owner of the Bellagio and Mandalay Bay, closed some casino floors, preventing customers from accessing their rooms via keycards. The same hackers broke into Caesars Entertainment, but unlike MGM, Caesars paid the hackers immediately and did not endure extensive service disruptions.
That hacking campaign was noteworthy as it was the first time a Russian-speaking cybercrime cell and a group of young, mostly English-speaking hackers had worked together to effectively access high-level corporate accounts. According to Hultquist, the same loosely related group that initially gained access to the British businesses is now targeting those in the United States. It appears to have largely avoided high-profile targets in the interim.
The casinos, as well as the Co-op Group and Marks & Spencer, were infected with ransomware, which is a type of malicious software that hackers use to lock down critical systems and steal sensitive data. They then demand money either for not using the information or for assistance in making the computer systems usable again.