English-Speaking Hackers Claim Responsibility for Jaguar Land Rover Cyber-Attack
A group of English-speaking hackers associated with a previous cyber-attack on Marks & Spencer has now taken credit for targeting Jaguar Land Rover.
A post on a Telegram channel included an image appearing to show the automaker’s internal IT systems, along with a news report about the breach.
The channel’s name combines the identities of three hacking collectives: Scattered Spider, Lapsus$, and ShinyHunters.
Scattered Spider, which includes hackers in their teens and early twenties, has been linked to attacks on British retailers such as M&S, Co-op, and Harrods earlier this year. In July, four individuals—including three teenagers—were arrested in the UK as part of an inquiry into these incidents.
JLR, the UK’s largest car manufacturer, suspended operations at major facilities on Monday after confirming a cyber incident had "severely disrupted" production and sales activities. The company stated it found no evidence of compromised customer data but had shut down systems as a precaution and taken steps to minimize the impact.
No further details were provided regarding the attackers, when the breach was detected, or how long recovery might take.
Industry sources reported that the disruption had significantly affected parts suppliers, which regularly deliver components to JLR factories. The production halt could result in tens of millions of pounds in lost sales for these suppliers.
Aiden Sinnott, a security researcher at a UK cybersecurity firm, noted that one Telegram user involved, “Rey,” shares a name with a member of Hellcat—a ransomware group that previously claimed to have stolen JLR data. Sinnott said Hellcat’s methods align with those of Scattered Spider and ShinyHunters.
“These hackers primarily speak English and frequently use social media channels,” he said, adding that Lapsus$ employs similar tactics and attracts a similar demographic.
The cyber-attack follows financial challenges for JLR, including U.S. tariff pressures and declining sales.
The company reported a 49% drop in pre-tax profits to £351 million for the quarter ending in June, a period that included a temporary pause on exports to the U.S.
In 2023, Arion Kurtaj, an 18-year-old member of Lapsus$ from Oxford, was given an indefinite hospital order after leaking unreleased footage of *Grand Theft Auto 6* during a hacking spree. Kurtaj is autistic.
Discussing ShinyHunters and Scattered Spider, Sinnott explained, “Grouping them is complicated—they’re mostly individuals operating online through platforms like Telegram, sometimes collaborating.”
He described Scattered Spider as an “umbrella term for a demographic” of native English-speaking hackers in their late teens or early 20s who lack a formal structure.
Read next
Ryanair plane had only six minutes of fuel upon Manchester landing, records show
Flight Narrowly Avoids Disaster After Storm Diversion
An inquiry has been launched after a Ryanair flight, struggling against severe winds during storm Amy last week, landed at Manchester Airport with only six minutes’ worth of fuel remaining.
The aircraft had been transporting passengers from Pisa, Italy, to Prestwick, Scotland, on
"Qantas customer data for 5 million exposed as hackers release info post-ransom deadline"
Hackers Leak Personal Data of 5 Million Qantas Customers on Dark Web
A cybercriminal group has released personal records of 5 million Qantas customers on the dark web after the airline did not meet their ransom demand.
The breach is part of a larger global incident affecting over 40 companies,
Investors flee record-high UK stocks as EU set to hike steel tariffs
Investors Withdraw Record Sums from Equity Funds Amid High Market Valuations
Data reveals that investors in the UK have withdrawn an unprecedented amount of money from equity funds over the past three months, driven by concerns over soaring stock market valuations.
According to the latest figures from Calastone, the largest