New Jaguars Can't Be Sold, Old Ones Can't Be Repaired. Hackers Breached the Corporation for Fun
Jaguar Land Rover now has fresh content on the hackers' Telegram channel.
Jaguar Land Rover now has fresh content on the hackers' Telegram channel.
The attack on Jaguar Land Rover at the end of August turned out to be much more extensive than it first appeared. According to researchers, the incident is the work of a new alliance of known hacker groups—Scattered Spider, LAPSUS$, and Shiny Hunters—now operating under the collective name "Scattered LAPSUS$ Hunters." These same threat actors are linked to a series of high-profile attacks on Salesforce infrastructure that paralyzed dozens of companies worldwide, including Cloudflare, Palo Alto Networks, Zscaler, and TransUnion.
In an official statement, Jaguar Land Rover confirmed that the cyberattack on August 31st forced the company to shut down global systems, resulting in significant disruptions to production and retail operations. Dealers in the UK were left unable to register new vehicles or supply parts, and the Solihull plant temporarily ceased operations. While the automaker claims there is no evidence of customer personal data being compromised, specialists note that the primary risk lies in the potential leak of corporate documentation and internal logs.
On their Telegram channel, which has already surpassed 50,000 subscribers, "Scattered LAPSUS$ Hunters" actively mocked Jaguar, Google Mandiant researchers, and Salesforce specialists. In their posts, the group published screenshots of the company's internal instructions for addressing vehicle charging issues, as well as log files. The hackers threatened that their next targets would be Vodafone UK and representatives of the British government, including high-ranking officials.
(Post from the group's channel - Cybernews)
The group's activity is both aggressive and demonstrative: their publications are full of provocative statements, profanity, and jokes. These threats are backed by concrete evidence—snippets of stolen files and hints at the scale of the compromise. In some messages, the threat actors referenced their campaigns against Salesforce while mocking Google specialists and publicly thanked Shiny Hunters for their assistance.
Experts noted that the attack on JLR demonstrated the fragility of modern production systems: a single failure impacts logistics, factory operations, and sales. It was emphasized that the attack occurred on a Sunday, when company response times are typically slower, allowing the attackers to amplify the impact of the breach. Researchers warn that cybercriminals are increasingly focusing not only on extortion but also on sabotaging the operation of critical supply chains.
The fundamental business risk lies in the theft of vast amounts of confidential information. Data remains the main prize that brings long-term profit to criminals. If threat actors gain access to internal databases, the consequences will extend far beyond temporary downtime: it could lead to mass phishing campaigns, identity theft, and new targeted attacks on connected partners.
Simultaneously, "Scattered LAPSUS$ Hunters" are credited with a number of other successful hacks. Among the named victims are Allianz Life, Workday, the crypto exchange ChangeNow, and dozens of major brands, including Farmers Insurance, Air France, KLM, Coca-Cola, Cisco, Qantas, Adidas, and Louis Vuitton. All these episodes highlight a systemic vulnerability in the global ecosystem: an attack on a single supplier triggers a domino effect for hundreds of organizations worldwide. Jaguar Land Rover has become just another link in a long chain of attacks that, according to the group's statements, is far from over.
