English-Speaking Hackers Claim Responsibility for Jaguar Land Rover Cyber-Attack
A group of English-speaking hackers associated with a previous cyber-attack on Marks & Spencer has now taken credit for targeting Jaguar Land Rover.
A post on a Telegram channel included an image appearing to show the automaker’s internal IT systems, along with a news report about the breach.
The channel’s name combines the identities of three hacking collectives: Scattered Spider, Lapsus$, and ShinyHunters.
Scattered Spider, which includes hackers in their teens and early twenties, has been linked to attacks on British retailers such as M&S, Co-op, and Harrods earlier this year. In July, four individuals—including three teenagers—were arrested in the UK as part of an inquiry into these incidents.
JLR, the UK’s largest car manufacturer, suspended operations at major facilities on Monday after confirming a cyber incident had "severely disrupted" production and sales activities. The company stated it found no evidence of compromised customer data but had shut down systems as a precaution and taken steps to minimize the impact.
No further details were provided regarding the attackers, when the breach was detected, or how long recovery might take.
Industry sources reported that the disruption had significantly affected parts suppliers, which regularly deliver components to JLR factories. The production halt could result in tens of millions of pounds in lost sales for these suppliers.
Aiden Sinnott, a security researcher at a UK cybersecurity firm, noted that one Telegram user involved, “Rey,” shares a name with a member of Hellcat—a ransomware group that previously claimed to have stolen JLR data. Sinnott said Hellcat’s methods align with those of Scattered Spider and ShinyHunters.
“These hackers primarily speak English and frequently use social media channels,” he said, adding that Lapsus$ employs similar tactics and attracts a similar demographic.
The cyber-attack follows financial challenges for JLR, including U.S. tariff pressures and declining sales.
The company reported a 49% drop in pre-tax profits to £351 million for the quarter ending in June, a period that included a temporary pause on exports to the U.S.
In 2023, Arion Kurtaj, an 18-year-old member of Lapsus$ from Oxford, was given an indefinite hospital order after leaking unreleased footage of *Grand Theft Auto 6* during a hacking spree. Kurtaj is autistic.
Discussing ShinyHunters and Scattered Spider, Sinnott explained, “Grouping them is complicated—they’re mostly individuals operating online through platforms like Telegram, sometimes collaborating.”
He described Scattered Spider as an “umbrella term for a demographic” of native English-speaking hackers in their late teens or early 20s who lack a formal structure.
Read next
Abuse survivors of Mohamed Al Fayed demand investigation into human trafficking
Survivors of abuse by former Harrods owner Mohamed Al Fayed are demanding a comprehensive investigation into human trafficking, asserting that such an inquiry is necessary to uncover the full extent of the billionaire’s alleged network.
The collective No One Above (NOA), established by victims of Fayed, is urging the
Climate activists criticize Shell for profiting from Iran conflict windfall
Shell announced stronger‑than‑anticipated earnings of $6.9 billion (£5 billion) after its oil‑trading arm profited from surging energy prices amid the Iran conflict, drawing criticism from climate activists.
Rising oil and gas prices during the Middle East turmoil enabled Europe’s largest oil and gas producer to
Jet Fuel Shortage Could Ground Travel, Reshape Vacations and History
What would happen to flights if the world exhausted its oil supply? Clearly, they would be grounded. More pointedly, could airlines simply run out of aviation fuel if the Iran conflict persists and the Strait of Hormuz stays closed?
This question has never arisen before. Air travel has faced unexpected