Four arrested following recent Scattered Spider teen hacking group escalation

Over the past few years, a cybercrime group called Scattered Spider has been wreaking havoc across numerous industries. Here’s everything you need to know.

Who are Scattered Spider

Scattered Spider is a widespread group believed to be made up of young people, even teenagers. Its members are mainly native English speakers, often based in the US or the UK. Their central goal tends to be financial extortion.

They first gained attention at the end of 2023 when they launched ransomware attacks on Caesars Entertainment and MGM Resorts. The large collective tends to organize in various online spaces like forums, Discord, and Telegram, and is believed to be an offshoot of The Com, another notorious cybercrime group.

They tend to use social engineering tactics, such as impersonating employees or contractors, to gain access to company systems and networks. Once inside, they deploy ransomware to steal data and try to extort the organization. They have also been known to create convincing phishing websites that feature the names of the companies they’re targeting. 

In 2024, five people believed to have been related to Scattered Spider were arrested and charged following a campaign of phishing SMS text messages that sought to steal private company data as well as cryptocurrency.

Recent Scattered Spider activities

After reducing activity in 2024 following these arrests, Scattered Spider got back to business in mid-2025 with cyberattacks on major UK retailers. In mid-April, stores like Co-Op, Marks & Spencer, and Harrods had their internal systems attacked, in some cases locking out staff completely. This resulted in customer data theft, ransom demands, empty shelves, and lost profits. 

In late June, the FBI posted on social media regarding Scattered Spider expanding its criminal activity into the airline sector. This came after multiple airlines had reported their internal systems had been hacked. 

The recent arrests

In July, three months after the UK retailer cyber attacks first began, the National Crime Agency (NCA) arrested four people on suspicion of Computer Misuse Act offences, blackmail, money laundering, and participating in organized crime group activities. The suspects included a 20-year-old woman and three males aged between 17 and 19. Multiple electronic devices were also seized while the arrests were made.

Not the end?

Because of the unknown size and structure of Scattered Spider, it’s difficult to know whether the recent arrests will make much of an impact. Speaking with Wired, John Hultquist, chief analyst in Google’s threat intelligence group, said:

“Deterrence is extremely difficult because we’re essentially fighting a marketplace where a lot of the actors are replaceable. For instance, Scattered Spider has worked with multiple ransomware services, so if one goes down there’s always someone to replace them.”
