Google Says Hackers Behind UK Retail Disruptions Are Now Targeting U.S. Businesses - 1

Photo by Arian Darvishi on Unsplash

Google Says Hackers Behind UK Retail Disruptions Are Now Targeting U.S. Businesses

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Google warned on Wednesday that the hacking group Scattered Spider, the same hacking group responsible for multiple cyberattacks on retailers in the United Kingdom, is now targeting retailers in the United States.

In a rush? Here are the quick facts:

  • Google warned that the hacking group Scattered Spider is targeting retail businesses in the U.S.
  • The malicious actor, identified as UNC3944, attacked multiple retailers, including Co-op, Harrods, and Marks & Spencer, stealing data from millions of people.
  • Scattered Spider has been developing sophisticated malicious technologies in 2025.

According to The Record , the information was disclosed by John Hultquist, Chief Analyst at Google’s cybersecurity division.

“The US retail sector is currently being targeted in ransomware and extortion operations that we suspect are linked to UNC3944, also known as Scattered Spider,” said Hultquist.

In a recent post about the threat, the analyst shared on the social media platform X, the expert wrote: “Shields up, US retailers. They’re here.”

Shields up US retailers. They’re here. https://t.co/wslafVuEes — John Hultquist (@JohnHultquist) May 15, 2025

Scattered Spider, described by Google in a recent report as “a financially-motivated threat actor characterized by its persistent use of social engineering and brazen communications with victims,” has been developing sophisticated technologies in 2025 to create new powerful malware and phishing kits.

A few days ago, it was revealed that the hacking group UNC3944 was linked to the data breach targeting Co-op , one of the UK’s largest consumer cooperatives, in which data from 20 million members was stolen. Other businesses, such as Marks & Spencer and luxury retailer Harrods, were also targeted by Scattered Spider.

“The actor, which has reportedly targeted retail in the UK following a long hiatus, has a history of focusing their efforts on a single sector at a time, and we anticipate they will continue to target the sector in the near term. US retailers should take note,” said Hultquist.

The expert shared a warning with the community potentially affected, but Google hasn’t shared any formal attribution yet.

“These actors are aggressive, creative, and particularly effective at circumventing mature security programs,” explained Hultquist. “They have had a lot of success with social engineering and leveraging third parties to gain entry to their targets.”

Despite recent arrests, Scattered Spider continues to evolve and target multiple industries across the globe. A few weeks ago, the FBI announced that it had identified several members of the hacking group through operations to arrest the web launderer known as ElonmuskWHM.

AI Agents Tricked By Fake Memories, Enabling Crypto Theft - 2

Image created with ChatGPT

AI Agents Tricked By Fake Memories, Enabling Crypto Theft

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

A new research study revealed significant security vulnerabilities in Web3 AI-powered agents , which allow attackers to use fake memories to perform unauthorized cryptocurrency transfers.

In a rush? Here are the quick facts:

  • Hackers can inject fake memories into AI agents to steal cryptocurrency.
  • Memory-based attacks bypass basic security prompts and safeguards.
  • Blockchain transactions are irreversible—stolen funds are permanently lost.

Researchers from Princeton University and the Sentient Foundation discovered that these AI agents, designed to handle blockchain-based tasks like trading crypto and managing digital assets, are vulnerable to a tactic called context manipulation.

The attack works by targeting the memory systems of platforms like ElizaOS, which creates AI AI agents for decentralized applications. The memory system of these agents store past conversations to use them as a guide for their future choices.

The researchers demonstrated that attackers can embed misleading commands in the memory system, leading the AI to send funds from the intended wallet to an attacker-controlled wallet. Alarmingly, these fake memories can travel between platforms.

For example, an agent compromised on Discord might later make incorrect transfers via X, without realizing anything is wrong.

What makes this especially dangerous is that standard defensive measures cannot stop this type of attack. The treatment of fake memories as genuine instructions renders basic prompt-based security measures ineffective against this kind of attack.

All blockchain transactions become permanent so there is no possibility to restore stolen funds. The problem becomes worse because certain AI agents store memory across multiple users so a single security breach could affect many users.

The research team tested several ways to prevent this, including adjusting AI training and requiring manual approval for transactions. While these approaches offer some hope, they come at the cost of slowing down automation.

The issue goes beyond cryptocurrency. The same vulnerability could affect general-purpose AI assistants, risking data leaks or harmful actions if attackers alter their memory.

This vulnerability is particularly alarming in light of recent findings where 84% of IT leaders trust AI agents as much as or more than human employees, and 92% expect these systems to drive business results within 12 to 18 months.

To address the problem, the researchers released a tool called CrAIBench to help developers test their systems and build stronger defenses. Until then, experts warn users to be cautious when trusting AI agents with financial decisions.