ZeroFox Intelligence Flash Report - Arrests Made in Relation to UK Retail Cyber Attacks

ZeroFox Intelligence Flash Report - Arrests Made in Relation to UK Retail Cyber Attacks

Product Serial: F-2025-07-11a

TLP:CLEAR

In this Flash report, ZeroFox researchers report on the recently announced arrests of individuals reportedly associated with a series of cyber attacks targeting the UK retail industry.

Standing Intelligence Requirements

For the most up-to-date list of ZeroFox’s Intelligence Requirements, please visit:

https://cloud.zerofox.com/intelligence/advisories/14956

Link to Download

View the full report here

Key Findings

• On July 10, 2025, four people were reportedly arrested in the United Kingdom as part of a National Crime Agency (NCA) investigation into a series of cyber attacks that occurred in late April 2025, targeting retail stores Marks & Spencer (M&S), Co-op, and Harrods.
• The series of cyberattacks targeting UK-based retail organizations began in mid-April 2025 when M&S publicly confirmed that it was managing an unspecified cyber incident.
• Initially, no cyber threat entity publicly claimed responsibility for the attacks, but widespread reporting alluded to the “Scattered Spider” threat collective being the perpetrators.
• If the arrested individuals are associated with Scattered Spider, it is likely that the collective’s operational tempo will reduce—particularly in the short term—with targeting pivoting toward industries and regions less likely to garner media and law enforcement attention.