Cyber-security researchers at CrowdStrike formed the name “Scattered Spider” because of the group’s sporadic nature, but other cyber-companies have given the cluster nicknames including Octo Tempest and Muddled Libra.
The group was also linked to high-profile attacks including on two US casinos in 2023 and Transport for London last year.
And in November, the US charged five British and American men and boys in their twenties and teens for alleged Scattered Spider activity. One is 23-year-old Scottish man Tyler Buchanan, who has not made a plea, and the rest are US based.
NCA investigators will not say how the retail hackers have managed to breach victim organisations but earlier this month, the National Cyber Security Centre issued guidance to organisations urging them to review their IT help desk password reset processes.
“Calling up IT help desks is a tactic that Scattered Spider seems to favour and they use social engineering techniques to manipulate someone into doing something like clicking on a link or resetting someone’s account to a password they can use,” Lisa Forte, from cyber-security firm Red Goat, explained.
In the BBC documentary, a former teen hacker who was arrested nine years ago and now works in cyber-security, said he was not surprised that teenagers could be behind the hacks.
“It wouldn’t surprise me – quite [the] opposite. The tools are readily available and it’s very easy to jump online and search straight away. You can feel a bit untouchable but for what end? You’re gonna be arrested 99% of the time,” he said.
