A group of English-speaking hackers linked to the recent Marks & Spencer breach has claimed responsibility for a cyber-attack on Jaguar Land Rover. Reports Technology News
A Telegram channel posted a screenshot that appeared to show the carmaker’s internal IT systems, alongside a news report covering the hack.
The channel’s name combines three well-known Western hacking groups — Scattered Spider, Lapsus$, and ShinyHunters.
Scattered Spider, a network of teenage and young adult hackers, has previously been blamed for attacks on UK retailers including M&S, Co-op and Harrods. In July, four people — three of them teenagers — were arrested in the UK as part of investigations into those incidents.
Jaguar Land Rover, Britain’s biggest carmaker, was forced to halt production at key plants on Monday after admitting its manufacturing and sales operations had been “severely disrupted” by a cyber-incident. The company stressed there was no evidence of customer data being compromised but said it had “proactively” shut down systems and taken “immediate action to mitigate” the impact.
JLR did not confirm who was behind the breach, when it was discovered, or how long recovery might take.
Industry insiders said the disruption had hit suppliers hard, with regular parts deliveries to factories suspended. They warned the halt could cost suppliers tens of millions of pounds in lost sales.
Aiden Sinnott, a security researcher at Sophos, noted that one persona on the Telegram group, known as Rey, shared the same name as a member of Hellcat — the ransomware outfit that earlier this year claimed to have stolen data from JLR. He said Hellcat bore many similarities to Scattered Spider and ShinyHunters.
“They speak English and are active on social media platforms,” Sinnott explained, adding that Lapsus$ employs comparable tactics and appeals to a similar demographic as Scattered Spider.
