{"id":29316,"date":"2025-05-03T08:25:30","date_gmt":"2025-05-03T12:25:30","guid":{"rendered":"https:\/\/worldjusticenews.com\/news\/?p=29316"},"modified":"2025-05-03T08:25:30","modified_gmt":"2025-05-03T12:25:30","slug":"dragonforce-hackers-group-give-proof-of-cyber-attack-against-co-op-and-claim-attacks-against-ms-and-harrods","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2025\/05\/03\/dragonforce-hackers-group-give-proof-of-cyber-attack-against-co-op-and-claim-attacks-against-ms-and-harrods\/","title":{"rendered":"DragonForce hackers group give proof of cyber attack against Co-op and claim attacks against M&#038;S and Harrods"},"content":{"rendered":"<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\"><b class=\"ssrcss-1xjjfut-BoldText e5tfeyi3\">Cyber criminals have told BBC News their hack against Co-op is far more serious than the company previously admitted.<\/b><\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of customer and employee data.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">After being approached on Friday, a Co-op spokesperson said the hackers &#8220;accessed data relating to a significant number of our current and past members&#8221;.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Co-op had previously said that it had taken &#8220;proactive measures&#8221; to fend off hackers and that it was only having a &#8220;small impact&#8221; on its operations.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">It also assured the public that there was &#8220;no evidence that customer data was compromised&#8221;.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The cyber criminals claim to have the private information of 20 million people who signed up to Co-op&#8217;s membership scheme, but the firm would not confirm that number.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The criminals, who are using the name DragonForce, say they are also responsible for the ongoing attack on M&amp;S and an attempted hack of Harrods.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The attacks have led government minister Pat McFadden to warn companies to &#8220;treat cyber security as an absolute priority&#8221;.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The anonymous hackers showed the BBC screenshots of the first extortion message they sent to Co-op&#8217;s head of cyber security in an internal Microsoft Teams chat on 25 April.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;Hello, we exfiltrated the data from your company,&#8221; the chat says.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;We have customer database, and Co-op member card data.&#8221;<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<div class=\"ssrcss-1le81vw-ListContainer e5tfeyi0\">\n<ul role=\"list\">\n<li>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\"><a class=\"ssrcss-f6h2dj-InlineLink e1kn3p7n0\" href=\"https:\/\/www.bbc.co.uk\/news\/articles\/cg72k851dd8o\" target=\"_blank\" rel=\"noopener\">Co-op staff told to keep cameras on in meetings<\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">They also showed screenshots of a call with the head of security which took place around a week ago.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The hackers say they messaged other members of the executive committee too as part of their scheme to blackmail the firm.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Co-op has more than 2,500 supermarkets as well as 800 funeral homes and an insurance business.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">It employs around 70,000 staff nationwide.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The cyber attack was announced by the company on Wednesday.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">On Thursday, it was revealed Co-op staff were being urged to keep their cameras on during Teams meetings, ordered not to record or transcribe calls, and to verify that all participants were genuine Co-op staff.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The security measure now appears to be a direct result of the hackers having access to internal Teams chats and calls.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">DragonForce shared databases with the BBC that includes usernames and passwords of all employees.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">They also sent a sample of 10,000 customers data including Co-op membership card numbers, names, home addresses, emails and phone numbers.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The BBC has destroyed the data it received, and is not publishing or sharing these documents.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-19w8cxh-ComponentWrapper-HeadlineComponentWrapper egtrm1f0\" data-component=\"subheadline-block\">\n<h2 id=\"DragonForce-claims\" class=\"ssrcss-pbttu9-Heading e10rt3ze0\" tabindex=\"-1\"><span role=\"text\">DragonForce claims<\/span><\/h2>\n<\/div>\n<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The Co-op membership database is thought to be highly valuable to the company.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Since the BBC contacted Co-op about the hackers&#8217; evidence, the firm has disclosed the full extent of the breach to its staff and the stock market.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;This data includes Co-op Group members&#8217; personal data such as names and contact details, and did not include members&#8217; passwords, bank or credit card details, transactions or information relating to any members&#8217; or customers&#8217; products or services with the Co-op Group,&#8221; a spokesperson said.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">DragonForce want the BBC to report the hack &#8211; they are apparently trying to extort the company for money.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">But the criminals wouldn&#8217;t say what they plan to do with the data if they don&#8217;t get paid.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">They refused to talk about M&amp;S or Harrods and when asked about how they feel about causing so much distress and damage to business and customers, they refused to answer.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">DragonForce is a ransomware group known for scrambling victims&#8217; data and demanding a ransom is paid to get the key to unscramble it. They are also known to have stolen data as part of their extortion tactics.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">DragonForce operates an affiliate cyber crime service so anyone can use their malicious software and website to carry out attacks and extortions.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">It&#8217;s not known who is ultimately using the DragonForce service to attack the retailers, but some security experts say the tactics seen are similar to that of a loosely coordinated group of hackers who have been called Scattered Spider or Octo Tempest.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The gang operates on Telegram and Discord channels and is English-speaking and young \u2013 in some cases only teenagers.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Conversations with the Co-op hackers were carried out in text form &#8211; but it is clear the hacker, who called himself a spokesperson, was a fluent English speaker.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">They say two of the hackers want to be known as &#8220;Raymond Reddington&#8221; and &#8220;Dembe Zuma&#8221; after characters from US crime thriller Blacklist which involves a wanted criminal helping police take down other criminals on a &#8216;blacklist&#8217;.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">The hackers say &#8220;we&#8217;re putting UK retailers on the Blacklist&#8221;.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">Co-op says it is working with the NCSC and the NCA and said in a statement it is very sorry this situation has arisen.<\/p>\n<\/div>\n<\/div>\n<div class=\"ssrcss-12l5xzx-LinksComponentWrapper e3eyuya0\" data-component=\"links-block\">\n<section class=\"ssrcss-msolhr-LinksWrapper e3eyuya5\">\n<div class=\"ssrcss-j49bjq-Promo e1vyq2e80\" data-testid=\"promo\">\n<div class=\"ssrcss-1djxueb-PromoCompact e18gnqux0\">\n<div class=\"ssrcss-1d68cot-PromoContent exn3ah913\">\n<div class=\"ssrcss-1f3bvyz-Stack e1y4nx260\">\n<ul>\n<li class=\"ssrcss-1sen9vx-PromoHeadline exn3ah910\"><a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/c62x4zxe418o\" target=\"_blank\" rel=\"noopener\"><span aria-hidden=\"false\">Harrods latest retailer to be hit by cyber attack<\/span><\/a><\/li>\n<li>\n<p id=\"main-heading\" class=\"ssrcss-1s9pby4-Heading e10rt3ze0\" tabindex=\"-1\"><a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/cdxnkg7rln2o\" target=\"_blank\" rel=\"noopener\"><span role=\"text\">M&amp;S stops online orders and issues refunds after cyber attack<\/span><\/a><\/p>\n<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<ul class=\"ssrcss-1y914pf-InContentLinksGrid e3eyuya3\" role=\"list\">\n<li class=\"ssrcss-r2yl4r-PromoItem e3eyuya1\">\n<div class=\"ssrcss-j49bjq-Promo e1vyq2e80\" data-testid=\"promo\">\n<div class=\"ssrcss-1djxueb-PromoCompact e18gnqux0\">\n<div class=\"ssrcss-1d68cot-PromoContent exn3ah913\">\n<div class=\"ssrcss-1f3bvyz-Stack e1y4nx260\">\n<p class=\"ssrcss-1sen9vx-PromoHeadline exn3ah910\"><a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/cg72kg5yn2ko\" target=\"_blank\" rel=\"noopener\"><span aria-hidden=\"false\">&#8216;They wanted $4m&#8217;: Lessons for M&amp;S from other cyber attacks<\/span><\/a><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/section>\n<\/div>\n<div class=\"ssrcss-19w8cxh-ComponentWrapper-HeadlineComponentWrapper egtrm1f0\" data-component=\"subheadline-block\">\n<h2 id=\"Wakeup-call\" class=\"ssrcss-pbttu9-Heading e10rt3ze0\" tabindex=\"-1\"><span role=\"text\">&#8216;Wake-up call&#8217;<\/span><\/h2>\n<\/div>\n<div class=\"ssrcss-1w03aro-RichTextComponentWrapper ep2nwvo0\" data-component=\"text-block\">\n<div class=\"ssrcss-7uxr49-RichTextContainer e5tfeyi1\">\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">UK government officials have met over the cyber attacks, with national security staff and the chief executive of the National Cyber Security Centre discussing support for retailers.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">In a keynote speech next week setting out government action, minister Pat McFadden &#8211; who has responsibility for cyber security &#8211; will say the attacks need to be a &#8220;wake-up call&#8221; for every UK business.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;In a world where the cybercriminals targeting us are relentless in their pursuit of profit &#8211; with attempts being made every hour of every day &#8211; companies must treat cyber security as an absolute priority.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;We&#8217;ve watched in real-time the disruption these attacks have caused &#8211; including to working families going about their everyday lives.<\/p>\n<p class=\"ssrcss-1q0x1qg-Paragraph e1jhz7w10\">&#8220;It serves as a powerful reminder that just as you would never leave your car or your house unlocked on your way to work. We have to treat our digital shop fronts the same way.&#8221;<\/p>\n<p>Source: <a href=\"https:\/\/www.bbc.co.uk\/news\/articles\/crkx3vy54nzo\" target=\"_blank\" rel=\"noopener\">bbc.co.uk<\/a><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">Cyber criminals have told BBC News their hack against Co-op is far more serious than the company previously admitted. Hackers contacted the BBC with proof they had infiltrated IT networks and stolen huge amounts of <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2025\/05\/03\/dragonforce-hackers-group-give-proof-of-cyber-attack-against-co-op-and-claim-attacks-against-ms-and-harrods\/\" title=\"DragonForce hackers group give proof of cyber attack against Co-op and claim attacks against M&#038;S and Harrods\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":29317,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[2,4],"tags":[11060,7572,4835,6668,7120,9344,11246,952,1009,2936,5302,11244,11245,1157,10328,11247,8803,10832,7779],"class_list":{"0":"post-29316","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-uk","9":"tag-co-op","10":"tag-cyber-attacks","11":"tag-cyber-crime","12":"tag-cyber-criminals","13":"tag-cyber-security","14":"tag-discord","15":"tag-dragonforce","16":"tag-extortion","17":"tag-hackers","18":"tag-hacking","19":"tag-harrods","20":"tag-ms","21":"tag-marks-spencer","22":"tag-national-crime-agency","23":"tag-national-cyber-security-centre","24":"tag-octo-tempest","25":"tag-ransom-demand","26":"tag-scattered-spider","27":"tag-telegram","28":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/29316","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=29316"}],"version-history":[{"count":1,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/29316\/revisions"}],"predecessor-version":[{"id":29318,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/29316\/revisions\/29318"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/29317"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=29316"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=29316"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=29316"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}