Hackers behind a series of destructive, financially motivated cyberattacks against some of the U.K.’s largest retailers are now going after big American brands, Google said Wednesday.
“Major American retailers have already been targeted,” John Hultquist, the chief analyst for Google’s Threat Intelligence Group, told NBC News.
At least three top British retailers have experienced cyberattacks in recent weeks. Marks & Spencer was forced to pause online orders for weeks. Hackers who contacted the BBC provided evidence of “huge amounts of customer and employee data” stolen from the Co-op Group. The third, Harrods, restricted some internet access at store locations, though a spokesperson told NBC News that it has not seen evidence that customer data was stolen.
Hultquist declined to name which American retailers the hackers may be going after.
The National Retail Federation, which represents thousands of companies including Walmart and Target, acknowledged the threat.
“U.S.-based retailers are aware of the threats posted by cybercriminal groups that have recently attacked several major retailers in the United Kingdom, and many companies have taken steps to harden themselves against these criminal groups’ tactics over the past two years,” Christian Beckner, the NRF’s vice president of retail technology and cybersecurity, told NBC News in a statement.
As one of the world’s largest tech companies, Google sells services like cloud storage, networking and security protections to some of the biggest retailers in the world, providing it significant insight into how hackers operate.
It’s not yet clear if there is a technical reason for the hackers to target retail companies, such as a vulnerability in a shared industry software program.
For-profit hackers have in recent years proven adept at accessing the computer systems of major companies and profiting by holding data and entire networks for ransom.
The U.K. hacking campaign strongly echoes the one that shut down parts of some Las Vegas casinos in 2023. That led to MGM Resorts, the owner of the Bellagio and Mandalay Bay, shutting down some casino floors, leaving guests unable to access their rooms with keycards. The same hackers also broke into Caesars Entertainment, but Caesars, unlike MGM, promptly paid the hackers, and it did not experience widespread service outages.
That hacking campaign was notable as the first widely known collaboration between a group of young, largely English-speaking hackers who successfully gained access to high-level corporate accounts, and a Russian-speaking cybercrime group.
That same loosely affiliated group provided initial access to the British retailers and is now going after U.S. ones, Hultquist said. It appears to have largely avoided high-profile targets in the interim.
The casinos, as well as the Co-op Group and Marks and Spencer, were infected with ransomware, a type of malicious software that hackers install on critical systems to lock them up and steal sensitive information. They then demand a payment to either not exploit the information or for help making those computer systems usable again.
