• M&S thinks it might finally know what caused cyberattack - but st

    From TechnologyDaily@1337:1/100 to All on Wednesday, July 09, 2025 10:45:09
    M&S thinks it might finally know what caused cyberattack - but still won't
    say if it paid a ransom

    Date:
    Wed, 09 Jul 2025 09:35:57 +0000

    Description:
    M&S says DragonForce (not DragonForce Malaysia) is responsible for the
    attack, but we still don't know if a ransom has been paid.

    FULL STORY
    ======================================================================
    M&S chairman Archie Norman attributes recent ransomware attack to DragonForce
    Law enforcement is still involved, and we don't know any ransom details
    Norman is calling for greater transparency and cyberattack reporting

    M&S is still refusing to confirm whether it paid a ransom following a recent major cyberattack, but at least we have an indication of its cause.

    It's believed the attack was carried out by DragonForce, a ransomware operation believed to be based in Asia or Russia, and a separate group from the hacktivists at the similarly-named DragonForce Malaysia.

    M&S chairman Archie Norman explained that disclosing details of any ransom would not be in the public interest, given that law enforcement agencies are still involved with the case.

    M&S shares more information on attack

    "We've said that we are not discussing any of the details of our interaction with the threat actor," Norman, speaking at a UK Parliament hearing on cyberattacks in the retail sector, stressed.

    We now know the initial breach occurred via social engineering, with the attacker impersonating an M&S worker and tricking a third party into
    resetting an employee's password.

    The Financial Times revealed just weeks after the cyberattack that Tata Consultancy Services, a third party that M&S uses to help manage help desk support, could have been inadvertently tied up in the breach.

    Attackers threatened to leak the acquired data, but they also encrypted it from M&S in what's known as a double extortion attack. In May, M&S confirmed that names, birth dates, addresses, phone numbers, household information and order histories were all included.

    150GB of data was reportedly stolen before M&S shut down systems to prevent further spread, leading to delivery disruptions. Recovery efforts are still ongoing, with Norman expecting full recovery by October or November 2025.

    DragonForce has not posted M&S data, possibly implying that a ransom could have been paid or that negotiations are ongoing.

    Looking ahead, Norman is calling for more transparency around reporting cyberattacks: "We have reason to believe there've been two major cyberattacks on large British companies in the last four months which have gone unreported," he said.

    Via Reuters



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/m-and-s-thinks-it-might-finally-know-what-caused-cyberattack-but-still-wont-say-if-it-paid-a-ransom


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)