[German]The UK has a problem with young cyber criminals. British police have arrested four people between the ages of 17 and 20, one of whom is a woman. Those arrested are suspected of carrying out the hack on the British retailers Co-Op, Marks & Spencer (M&S) and Harrods. The companies were unable to work for weeks following a ransomware attack.
The attack on M&S and other retailer
I n April 2025, three British retail groups: Marks & Spencer (M&S), Co-op (food) and Harrods (luxury department store) fell victim to cyber criminals. The attacks became known at the beginning of May 2025.
A helpdesk password reset, initiated by the cybercriminals, opened the door to the IT of the trading companies concerned. The attackers then gained full access, spread across the network and extracted data. They then detonated ransomware that selectively encrypted data. This was followed by a ransom extortion. The companies' business operations were disrupted for weeks afterwards.
Nic Adams, co-founder and CEO of 0rcus, told me that the cyber attacks at Marks & Spencer, Co-op and Harrods were coordinated campaigns executed with clockwork precision. The attacks were probably carried out by DragonForce and Scattered Spider in cooperation, following the same pattern. I reported on this in my German blog post DragonForce: Cybergruppe für Angriffe auf britische Händler und mehr verantwortlich.
Arrests in Great Britain
The British police (or rather their National Crime Agency) have now presumably achieved a success, as four suspects have been arrested in the UK.
In this announcement, the UK National Crime Agency (NCA) announced that four people have been arrested in the UK as part of an investigation into cyber-attacks on M&S, Co-op and Harrods. They are two men aged 19, another aged 17 and a 20-year-old woman.
The suspects were arrested in the West Midlands and London on 10 July 2025 on suspicion of Computer Misuse Act offences, racketeering, money laundering and involvement in the activities of an organized crime group at their respective residences. The suspects' electronic devices were also seized for digital forensic analysis.
The detainees remain in custody for questioning by officers from the NCA's National Cyber Crime Unit in connection with the three attacks. With regard to the opening comment that the UK has a problem with young cyber criminals: The case of the Lapsus$ group discussed in subsequent links here on the blog crossed my mind. Here too, British teenagers were involved in cyber attacks on large companies.
Similar articles:
Lapsus$ hacker group debunked? Teenager from Britain and Brazil suspected
17 year old arrested in England for Uber hack, member of Lapsus$ group?
Lapsus$ Hacker (GTA6) send to hospital indefinitely by court
