English-Speaking Hackers Claim Responsibility for Jaguar Land Rover Cyber-Attack
A group of English-speaking hackers associated with a previous cyber-attack on Marks & Spencer has now taken credit for targeting Jaguar Land Rover.
A post on a Telegram channel included an image appearing to show the automaker’s internal IT systems, along with a news report about the breach.
The channel’s name combines the identities of three hacking collectives: Scattered Spider, Lapsus$, and ShinyHunters.
Scattered Spider, which includes hackers in their teens and early twenties, has been linked to attacks on British retailers such as M&S, Co-op, and Harrods earlier this year. In July, four individuals—including three teenagers—were arrested in the UK as part of an inquiry into these incidents.
JLR, the UK’s largest car manufacturer, suspended operations at major facilities on Monday after confirming a cyber incident had "severely disrupted" production and sales activities. The company stated it found no evidence of compromised customer data but had shut down systems as a precaution and taken steps to minimize the impact.
No further details were provided regarding the attackers, when the breach was detected, or how long recovery might take.
Industry sources reported that the disruption had significantly affected parts suppliers, which regularly deliver components to JLR factories. The production halt could result in tens of millions of pounds in lost sales for these suppliers.
Aiden Sinnott, a security researcher at a UK cybersecurity firm, noted that one Telegram user involved, “Rey,” shares a name with a member of Hellcat—a ransomware group that previously claimed to have stolen JLR data. Sinnott said Hellcat’s methods align with those of Scattered Spider and ShinyHunters.
“These hackers primarily speak English and frequently use social media channels,” he said, adding that Lapsus$ employs similar tactics and attracts a similar demographic.
The cyber-attack follows financial challenges for JLR, including U.S. tariff pressures and declining sales.
The company reported a 49% drop in pre-tax profits to £351 million for the quarter ending in June, a period that included a temporary pause on exports to the U.S.
In 2023, Arion Kurtaj, an 18-year-old member of Lapsus$ from Oxford, was given an indefinite hospital order after leaking unreleased footage of *Grand Theft Auto 6* during a hacking spree. Kurtaj is autistic.
Discussing ShinyHunters and Scattered Spider, Sinnott explained, “Grouping them is complicated—they’re mostly individuals operating online through platforms like Telegram, sometimes collaborating.”
He described Scattered Spider as an “umbrella term for a demographic” of native English-speaking hackers in their late teens or early 20s who lack a formal structure.
Read next
IEA set to urge unprecedented stockpile oil release to lower crude prices
The International Energy Agency is set to request the biggest drawdown of state oil reserves ever recorded, aiming to soothe the price surge sparked by the US‑Israeli strikes on Iran.
The global energy monitor is anticipated to urge its 32 members to free roughly 400 million barrels of emergency
How far could oil prices climb, and what could be the worldwide economic consequences?
Concerns about the world economy have intensified as oil prices have surged past $100 a barrel following the US‑Israel clash with Iran.
Economists warn that a growing chance of an extended war in the key energy‑exporting zone could severely affect living standards globally, reviving fears of a fresh
UK job market stalls as firms stay cautious on hiring
Data indicate that the UK labour market is struggling under weak recruitment demand, with only modest indications of improvement.
Two reports issued on Monday note that firms stay wary of taking on new employees because of cost pressures and economic uncertainty, underscoring the market’s continued fragility.
The monthly employment