Scattered Spider is the focus of police investigation
Joe Teddy

Network correspondent, BBC World Service

Police have revealed that detectives investigating cyberattacks against British retailers are focusing on an infamous cluster of cybercriminals.

For weeks, there has been speculation that the destructive attacks on M&S, Co-op, Harrods and some U.S. retailers could be the work of a hacker community called Scattered Spider.

Speaking about the hacks, the National Crime Agency (NCA) told BBC News that the group is a key part of its ongoing investigation to find the culprits.

"We are working on a group that is publicly called Scattered Spider, but we have a different set of assumptions that we will follow evidence to attract criminals," said Paul Foster, head of the NCA's national cybercrime division, in a new BBC documentary.

He added: “Given all the damage we’ve seen, catching the people behind these attacks is our priority.”

A wave of attacks that began at Easter led to empty shelves in stores, shutdowns of online ordering and the theft of private data from millions of people.

The attacks were carried out using DragonForce, a platform that provides criminals with tools to carry out ransomware attacks. However, the identity of the hackers pulling the strings has not been confirmed and no one has been arrested.

Paul Foster leads the NCA National Cyber Security Center

Some cyber experts say the hackers show the characteristics of Scattered Spider, a loose community of often young people who organize across Discord, Telegram and forums, and who are most likely located in the UK and US.

While the NCA says it is exploring all parts of the cybercrime ecosystem, it is looking in the same direction.

"The spiders speak English in large part, but that doesn't necessarily mean they are in the UK - we know they communicate online across a variety of different platforms and channels, which is key to their ability to operate as a collective, I guess."

M&S was hit by ransomware that scrambled the company's servers, rendering its computer systems useless. The high street giant is still working to keep its shelves stocked and has halted online shopping for weeks. The hackers also stole customer and employee data from the company.

At the Co-op, staff took systems offline to prevent a ransomware infection, but a large amount of customer and employee data was stolen and held to ransom. The operations of the company's supermarkets, insurance offices and funeral services have been severely affected.

It is not clear what happened at Harrods, but the company admitted that it had to take computer systems offline due to an attempted cyberattack.

When the hackers behind the M&S and Co-op attacks contacted the BBC anonymously last week, they refused to say whether they were Scattered Spider.

"Works Ready to Available"

Cybersecurity researchers at CrowdStrike coined the name "Scattered Spider" because of the sporadic nature of the group, but other security companies have given the cluster nicknames including Octo Tempest and Muddled Libra.

The group is also linked to high-profile attacks, including on two U.S. casinos in 2023 and Transport for London last year.

In November, the United States accused five British and American young men in their twenties of alleged Scattered Spider activity. One is Tyler Buchanan, a 23-year-old Scotsman, who has not yet pleaded guilty, and the rest are from the US.

NCA investigators will not disclose how the hackers managed to breach the victim organizations, but earlier this month the National Cybersecurity Center issued guidance to organizations urging them to review their IT help desk password reset processes.

"Calling the help desk is a strategy that Scattered Spider seems to like, using social engineering skills to manipulate someone into an action, such as clicking a link or resetting someone's account to a password they can use," said Lisa Forte of cybersecurity company Red Goat.

In the BBC documentary, a man who was arrested nine years ago and now works in cybersecurity said he was not surprised that teenagers may be behind the hacks.

He said: "It didn't surprise me - on the contrary. These tools are easy to get and are easy to jump down online to search."