The hackers who launched a devastating attack on Marks and Spencer‘s computer systems have hinted at their political allegiance – amid a vow to protect ‘the former Soviet Union’ from the technology used.
Cybercrime group DragonForce claimed responsibility for the ongoing meltdown that caused the retail giant to pause its click and collect service.
The group also admitted to later carrying out an attack on Co-op, saying ‘personal data such as names and contact details’ had been taken from its membership scheme.
DragonForce, who say their job is ‘not to destroy’, but ‘just take some money and walk away’ claimed more than 90 victims last year and targeted companies across various industries.
But now, new motives and allegiances have come to light after the group appeared to use a dark web forum threatening to ‘punish any violations’ by other hackers planning to use its ransomware in Russia or the former Soviet states.
A statement which claimed to be from the group, released at the end of last month, read: ‘Any attack by our software on critical infrastructure, hospitals where patients, children, and the elderly are kept, or on the countries of the former Soviet Union, is a PROVOCATION [sic] by unscrupulous partners.’
It added: ‘We, as regulators, are doing our best to counteract this, and we will punish any violations, as well as assist in solving the problems of the affected parties.’
The recent attacks have been linked to the notorious English-speaking teenage hacking gang, Scattered Spider.
The hack has cause mayhem for Marks & Spencer meaning it was unable to process online orders
British teenagers have been linked to the notorious Scattered Spider hacking group responsible for the cyber attack that continues to cripple Marks & Spencer’s
Scattered Spider uses the hacking tools developed by the Russia-linked group known as BlackCat and ALPHV, a possible indication of a business partnership between the groups to share in ransom payments.
However, Investigators believe the attackers on this occasion used a hacking tool from DragonForce, which bills itself as a ‘ransomware cartel’, to carry out the breach.
The gang has previously been linked with major hacks that incapacitated casino giants MGM Resorts International and Caesers Entertainment.
Reportedly using a digital attack to knock out slot machines at MGM and disrupt other systems, members raided personal details of customers in a separate incident at Caesers.
DragonForce is considered distinctive for its ‘white label’ ransomware which allows other hackers use one they have gained access to a target’s systems.
Monitoring of the group by The Observer identified 167 alleged victims in total across 32 countries, including 87 in the US, 17 in the UK, eight in Australia, eight in Italy and five in Canada.
When approached for comment about a forthcoming statement released by the group which read ‘We are not here to kill; we are here to make money and do business with corporations that have gotten their hands dirty’, a DragonForce spokesman said: ‘We’re not providing any comments at this time, but thank you for reaching out.’
