{
	"id": "845edc4e-3f26-4ded-84b1-9f52fa898203",
	"created_at": "2026-04-06T00:08:49.481244Z",
	"updated_at": "2026-04-10T13:11:39.659371Z",
	"deleted_at": null,
	"sha1_hash": "60183eaf3871a2e03f1b03d4995d58ac2c0bb915",
	"title": "Harrods the next UK retailer targeted in a cyberattack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 2967967,
	"plain_text": "Harrods the next UK retailer targeted in a cyberattack\r\nBy Lawrence Abrams\r\nPublished: 2025-05-01 · Archived: 2026-04-05 16:03:28 UTC\r\nLondon's iconic department store, Harrods, has confirmed it was targeted in a cyberattack, becoming the third major UK\r\nretailer to report cyberattacks in a week following incidents at M\u0026S and the Co-op.\r\nIn a statement shared with BleepingComputer, Harrods says threat actors recently attempted to hack into their systems,\r\ncausing the company to restrict access to sites.\r\n\"We recently experienced attempts to gain unauthorised access to some of our systems,\" Harrods told BleepingComputer.\r\nhttps://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Our seasoned IT security team immediately took proactive steps to keep systems safe and as a result we have restricted\r\ninternet access at our sites today.\"\r\n\"Currently all sites including our Knightsbridge store, H beauty stores and airport stores remain open to welcome customers.\r\nCustomers can also continue to shop via harrods.com.\"\r\n\"We are not asking our customers to do anything differently at this point and we will continue to provide updates as\r\nnecessary.\"\r\nHarrods has not shared any further details in response to BleepingComputer's questions, such as whether systems were\r\nbreached or if data was stolen.\r\nHowever, the decision to restrict access to some platforms indicates that they are actively responding to the attack.\r\nThis incident follows shortly after two other prominent UK retailers, Marks and Spencer and Co-op disclosed cyberattacks.\r\nM\u0026S and Co-op also hit by cyberattacks\r\nLast week, Marks and Spencer confirmed it had suffered a cyberattack that led to disruption of its online ordering systems,\r\ncontactless payments, and Click \u0026 Collect service.\r\nBleepingComputer later confirmed the attack was linked to threat actors associated with the \"Scattered Spider\" tactics, who\r\ndeployed the DragonForce ransomware on the company's network.\r\nYesterday, Co-op also disclosed a cyber incident, stating they experienced attempts to hack into their network.\r\nHowever, an internal email sent by Chief Digital and Information Officer Rob Elsey and seen by ITV News indicates the\r\nbreach is larger than initially stated, telling employees that VPN access was disabled and urging staff to be vigilant when\r\nusing email and Microsoft Teams.\r\n\"When running a Microsoft Teams call, please ensure all attendees are as expected and that users are on camera,\" reads a\r\nportion of the email.\r\n\"Don't post sensitive information in the Teams chat function such as colleague, client, customer or member related data.\"\r\nLaw enforcement has not released an official advisory related to these attacks, but as M\u0026S and Co-op are both believed to\r\nhave started with social engineering attacks, we will likely see a bulletin released shortly.\r\nhttps://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/\r\nhttps://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/"
	],
	"report_names": [
		"harrods-the-next-uk-retailer-targeted-in-a-cyberattack"
	],
	"threat_actors": [
		{
			"id": "9ddc7baf-2ea7-4294-af2c-5fce1021e8e8",
			"created_at": "2023-06-23T02:04:34.386651Z",
			"updated_at": "2026-04-10T02:00:04.772256Z",
			"deleted_at": null,
			"main_name": "Muddled Libra",
			"aliases": [
				"0ktapus",
				"Scatter Swine",
				"Scattered Spider"
			],
			"source_name": "ETDA:Muddled Libra",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7da6012f-680b-48fb-80c4-1b8cf82efb9c",
			"created_at": "2023-11-01T02:01:06.643737Z",
			"updated_at": "2026-04-10T02:00:05.340198Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"Scattered Spider",
				"Roasted 0ktapus",
				"Octo Tempest",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "MITRE:Scattered Spider",
			"tools": [
				"WarzoneRAT",
				"Rclone",
				"LaZagne",
				"Mimikatz",
				"Raccoon Stealer",
				"ngrok",
				"BlackCat",
				"ConnectWise"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6608b798-f92b-42af-a93f-d72800eeb3a3",
			"created_at": "2023-11-30T02:00:07.292Z",
			"updated_at": "2026-04-10T02:00:03.482199Z",
			"deleted_at": null,
			"main_name": "DragonForce",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonForce",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758",
			"created_at": "2025-07-24T02:05:00.538379Z",
			"updated_at": "2026-04-10T02:00:03.657424Z",
			"deleted_at": null,
			"main_name": "GOLD FLAME",
			"aliases": [
				"DragonForce"
			],
			"source_name": "Secureworks:GOLD FLAME",
			"tools": [
				"ADFind",
				"AnyDesk",
				"Cobalt Strike",
				"FileSeek",
				"Mimikatz",
				"SoftPerfect Network Scanner",
				"SystemBC",
				"socks.exe"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c3b908de-3dd1-4e5d-ba24-5af8217371f0",
			"created_at": "2023-10-03T02:00:08.510742Z",
			"updated_at": "2026-04-10T02:00:03.374705Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"UNC3944",
				"Scattered Swine",
				"Octo Tempest",
				"DEV-0971",
				"Starfraud",
				"Muddled Libra",
				"Oktapus",
				"Scatter Swine",
				"0ktapus",
				"Storm-0971"
			],
			"source_name": "MISPGALAXY:Scattered Spider",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d093e8d9-b093-47b8-a988-2a5cbf3ccec9",
			"created_at": "2023-10-14T02:03:13.99057Z",
			"updated_at": "2026-04-10T02:00:04.531987Z",
			"deleted_at": null,
			"main_name": "Scattered Spider",
			"aliases": [
				"0ktapus",
				"LUCR-3",
				"Muddled Libra",
				"Octo Tempest",
				"Scatter Swine",
				"Scattered Spider",
				"Star Fraud",
				"Storm-0875",
				"UNC3944"
			],
			"source_name": "ETDA:Scattered Spider",
			"tools": [
				"ADRecon",
				"AnyDesk",
				"ConnectWise",
				"DCSync",
				"FiveTran",
				"FleetDeck",
				"Govmomi",
				"Hekatomb",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"LaZagne",
				"Living off the Land",
				"Lumma Stealer",
				"LummaC2",
				"Mimikatz",
				"Ngrok",
				"PingCastle",
				"ProcDump",
				"PsExec",
				"Pulseway",
				"Pure Storage FlashArray",
				"Pure Storage FlashArray PowerShell SDK",
				"RedLine Stealer",
				"Rsocx",
				"RustDesk",
				"ScreenConnect",
				"SharpHound",
				"Socat",
				"Spidey Bot",
				"Splashtop",
				"Stealc",
				"TacticalRMM",
				"Tailscale",
				"TightVNC",
				"VIDAR",
				"Vidar Stealer",
				"WinRAR",
				"WsTunnel",
				"gosecretsdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e424a2db-0f5a-4ee5-96d2-5ab16f1f3824",
			"created_at": "2024-06-19T02:03:08.062614Z",
			"updated_at": "2026-04-10T02:00:03.655475Z",
			"deleted_at": null,
			"main_name": "GOLD HARVEST",
			"aliases": [
				"Octo Tempest ",
				"Roasted 0ktapus ",
				"Scatter Swine ",
				"Scattered Spider ",
				"UNC3944 "
			],
			"source_name": "Secureworks:GOLD HARVEST",
			"tools": [
				"AnyDesk",
				"ConnectWise Control",
				"Logmein"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434129,
	"ts_updated_at": 1775826699,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/60183eaf3871a2e03f1b03d4995d58ac2c0bb915.pdf",
		"text": "https://archive.orkl.eu/60183eaf3871a2e03f1b03d4995d58ac2c0bb915.txt",
		"img": "https://archive.orkl.eu/60183eaf3871a2e03f1b03d4995d58ac2c0bb915.jpg"
	}
}