Hacking Spree Hits UK Retail Giants
Credit to Author: Matt Burgess, Lily Hay Newman, Dhruv Mehrotra | Date: Sat, 03 May 2025 10:30:00 +0000
Researchers unveiled a cluster of vulnerabilities in Apple’s wireless media streaming platform AirPlay this week that leave millions of third-party devices like speakers and TVs vulnerable to takeover if an attacker is on the same Wi-Fi network as the victim gadget. These “AirBorne” vulnerabilities have all been patched—including some that potentially impacted Apple’s Mac computers—but, in practice, third-party devices may not all get fixes, and even if they do, patch adoption could be low.
Records reviewed by WIRED show that utilizing car subscription features can substantially raise your risk of being subjected to government surveillance, because such services generate troves of data that are valuable to law enforcement. WIRED also did a deep dive on North Korea’s yearslong campaign to place IT workers inside companies in North America, the United Kingdom, and Europe. The schemes are more effective than ever as scammers incorporate AI into their workflows.
WhatsApp designed a special cloud processing platform called Private Processing to allow new AI tools to work in the secure messenger without compromising its end-to-end encryption. Experts warn, though, that it could create enticing targets for hackers. And we have a guide for navigating the privacy risks of using ChatGPT’s new image generator to do seemingly fun and innocuous projects like making an action figure version of yourself.
But wait, there's more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Three separate retailers in the UK—including the supermarket Co-op and the department stores Marks & Spencer and Harrods—have all revealed they have recently been subject to cyberattacks, with the intrusions and widespread impact seemingly ongoing. Toward the end of April, Marks & Spencer revealed it had been the victim of a “cyber incident.” Over the following two weeks, it has been forced to pause online orders within its apps, some food has been missing from its shelves, and it has paused recruitment and other “normal processes.” Staff at Co-op have been told to keep webcams turned on during remote meetings and check who is attending calls, after shutting down parts of its IT systems in response to its own hack. Harrods, meanwhile, told customers to “not do anything differently at this point.”
At the time of writing, none of the retailers have detailed the specific nature of the cyberattacks or the full scale of the impacts. It is also unclear if the attacks are linked. Bloomberg has reported a ransomware cartel dubbed DragonForce has claimed it and its partners were behind the attacks. The so-called cartel provides “infrastructure and tools” to hackers but “doesn't require affiliates to deploy its ransomware,” according to research from security firm Secureworks. The hacked companies did not respond to Bloomberg about the claims.
Bleeping Computer originally reported that the threat actors known as Scattered Spider were allegedly behind the attack on Marks & Spencer. The publication reported that the company’s servers were encrypted by ransomware, with the intrusion beginning as early as February. The attribution to Scattered Spider has not been confirmed by Marks & Spencer.
Over the past two years, Scattered Spider has emerged as one of the most prolific and dangerous sets of hackers currently operating. The threat actors are not a well-defined group of hackers. Instead, they’re more a loose collective that uses social engineering—such as phishing and voice calls—to gain initial access into company networks. Scattered Spider members are often English-speaking and teenage, and can be members of the heinous criminal group the Com. The hackers have been active since June 2022 and have targeted more than 100 companies—including the high-profile hacks on Caesars Entertainment and MGM Resorts in 2023.
French authorities have condemned Russia’s military intelligence agency, accusing it of orchestrating a series of high-profile cyberattacks—including the hacking of Emmanuel Macron’s 2017 presidential campaign, a brazen 2015 assault on the TV channel TV5 Monde, and recent intrusion attempts targeting organizations involved in preparing the 2024 Paris Olympic Games.
French authorities have also disclosed the name and location of a GRU unit tied to the notorious hacking group APT28—information that had never before been officially released. Unit 20728 is based in the southern Russian city of Rostov-on-Don and operates out of the "166th Information Research Center."
This marks the first time French officials have publicly assigned blame to a foreign intelligence service following an internal attribution process. The timing is significant, coming as Paris positions itself at the forefront of Europe’s support for Ukraine.
The Trump administration has taken the first step toward blacklisting a Cambodian financial conglomerate at the center of a global money laundering network. On Thursday, the Treasury Department designated Huione Group as a money-laundering operation, alleging that the company and its affiliates have laundered more than $4 billion for criminals, including North Korean hackers and online scammers.
These scammers—who defraud victims through bogus investments and other schemes—rely on Huione and its affiliates to move funds abroad to evade both law enforcement and anti-money-laundering systems. The proposed action represents the most significant effort yet to crack down on Huione, which is tied to what experts believe to be the “largest illicit marketplace”: Huione Guarantee. According to WIRED’s January report, the marketplace has likely facilitated over $24 billion in gray-market transactions. Experts believe the platform operates as a one-stop shop for scammers, offering everything from victim contact lists and deepfake tools to fake investment websites and other illicit services.
Slowly but surely, the password is dying. Over the past two years, passkeys—a stronger method of authentication that doesn’t require you to remember or use a password—have become more common. The rollout of the technology has been piecemeal, but big tech companies have worked for years to create the alternative, which is more secure than passwords. This week, Microsoft announced that people setting up new accounts with the company won’t have to create passwords at all. “New Microsoft accounts will now be ‘passwordless by default,’” the company wrote in a blog post. Microsoft is also pushing people further away from passwords and will “detect” the best way for people to log in to their accounts if they have set up alternatives to passwords.
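To make concrete why passkeys are stronger than passwords, here is an added illustration (not code from WIRED, Microsoft, or any passkey implementation) of the challenge-response shape that passkeys use: the server stores only a public key, so a server breach leaks nothing reusable; each login signs a fresh random challenge, so a captured response cannot be replayed; and the signature covers the site identity the user's device actually saw, so a look-alike site relaying the challenge gets nothing it can use. The group parameters, the `Authenticator` and `RelyingParty` classes, and the site names `bank.example` and `evil.example` are all assumptions made for this example; the signature is a toy Schnorr-style scheme over a small prime field, not the ECDSA/EdDSA on standard curves that real passkeys use.

```python
import hashlib
import secrets
from typing import Dict, Optional, Tuple

# Toy group for illustration only: a small Mersenne prime and a fixed base.
# Real passkeys sign with ECDSA/EdDSA on standard curves; the protocol shape is the same.
P = (1 << 61) - 1
G = 5


def _hash_to_int(*parts: bytes) -> int:
    """Length-prefixed hash of the signed fields, reduced to a scalar."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(2, "big") + part)
    return int.from_bytes(h.digest(), "big") % (P - 1)


class Authenticator:
    """Device side: one key pair per site; the private scalar never leaves the device."""

    def __init__(self) -> None:
        self._keys: Dict[str, int] = {}  # site id -> private scalar

    def register(self, rp_id: str) -> int:
        x = secrets.randbelow(P - 2) + 1
        self._keys[rp_id] = x
        return pow(G, x, P)  # only the public key is sent to the server

    def sign(self, rp_id: str, challenge: bytes) -> Optional[Tuple[int, int]]:
        # rp_id is the site the user is actually on; a phishing site has no credential here.
        x = self._keys.get(rp_id)
        if x is None:
            return None
        k = secrets.randbelow(P - 2) + 1
        r = pow(G, k, P)
        e = _hash_to_int(rp_id.encode(), challenge, r.to_bytes(8, "big"))
        s = (k + e * x) % (P - 1)
        return r, s


class RelyingParty:
    """Server side: stores public keys and one outstanding challenge per user, nothing secret."""

    def __init__(self, rp_id: str) -> None:
        self.rp_id = rp_id
        self.public_keys: Dict[str, int] = {}
        self._pending: Dict[str, bytes] = {}

    def start_login(self, user: str) -> bytes:
        challenge = secrets.token_bytes(32)  # fresh per attempt, so responses cannot be replayed
        self._pending[user] = challenge
        return challenge

    def finish_login(self, user: str, response: Optional[Tuple[int, int]]) -> bool:
        challenge = self._pending.pop(user, None)  # consumed whether or not it verifies
        if challenge is None or response is None:
            return False
        r, s = response
        y = self.public_keys[user]
        # Verified against the server's own identity, so a signature made for another site fails.
        e = _hash_to_int(self.rp_id.encode(), challenge, r.to_bytes(8, "big"))
        return pow(G, s, P) == (r * pow(y, e, P)) % P


def demo() -> Dict[str, bool]:
    """Walk through a normal login, a replayed response, and a relayed (phished) challenge."""
    device = Authenticator()
    bank = RelyingParty("bank.example")
    bank.public_keys["alice"] = device.register("bank.example")

    # 1. Normal login: sign the bank's challenge for the bank's identity.
    challenge = bank.start_login("alice")
    response = device.sign("bank.example", challenge)
    normal_ok = bank.finish_login("alice", response)

    # 2. Replay: the same captured response against a new challenge.
    bank.start_login("alice")
    replay_ok = bank.finish_login("alice", response)

    # 3. Phishing: evil.example relays the bank's challenge; the device signs for evil.example
    #    (if it holds a credential there at all), which the bank rejects.
    device.register("evil.example")
    challenge = bank.start_login("alice")
    phished = device.sign("evil.example", challenge)
    phish_ok = bank.finish_login("alice", phished)

    return {"normal_ok": normal_ok, "replay_ok": replay_ok, "phish_ok": phish_ok}


if __name__ == "__main__":
    print(demo())  # expected: normal_ok True, replay_ok False, phish_ok False
```

The server-side table holds nothing that could be stuffed into another site's login form, which is the property a password database can never have; the two failing cases in `demo()` are the replay and phishing resistance that make passkeys stronger in practice.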