“`html
A group of young, English-speaking hackers are claiming responsibility for the cyberattack that has disrupted global production at Jaguar Land Rover (JLR).
The group has reportedly boasted about the breach on the messaging platform Telegram, sharing screenshots purportedly obtained from within the car manufacturer’s IT networks.
This same group, identifying themselves as “Scattered Lapsus$ Hunters,” is also believed to be behind a series of cyberattacks targeting UK retailers, including M&S, earlier this spring.
“Where is my new car, Land Rover,” the hackers, believed to be teenagers, posted in an apparent attempt to taunt the company.
The BBC has reached out to JLR for comment.
In private communications with an individual claiming to be the group’s spokesperson, the hackers indicated they are attempting to extort financial compensation from the car company.
However, the spokesperson declined to confirm whether private data had been successfully stolen from JLR or if malicious software had been deployed on the company’s network.
The individual also refrained from providing further evidence to substantiate their claim of responsibility for the attack, and it should be noted that the group has a history of disseminating false information to garner attention.
Nevertheless, two images shared by the group appear to depict internal instructions for resolving a car charging issue and internal computer logs.
One security expert has suggested that the screenshots imply the attackers have gained unauthorized access to sensitive information.
“Based on the information provided by the attackers and open source intelligence, the attack has access to JLR’s internal systems and network,” stated security researcher Kevin Beaumont.
A spokesperson for the Information Commissioner’s Office stated: “Jaguar Land Rover has reported an incident and we are assessing the information provided.”
Production at JLR facilities, including the Halewood plant in Merseyside and another in Solihull, has experienced significant disruption since the attack was discovered on Sunday.
Staff have reportedly been sent home, and JLR has affirmed its commitment to restoring manufacturing operations as quickly as possible.
The company has not publicly disclosed the specific nature of the cyberattack.
“We took immediate action to mitigate its impact by proactively shutting down our systems,” the company said in a statement.
“We are now working at pace to restart our global applications in a controlled manner.”
“At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.”
The name Scattered Lapsus$ Hunters reflects the amalgamation of various youth-oriented cybercriminals associated with a network known as The Com.
Earlier this year, the National Crime Agency (NCA) issued a warning regarding the growing threat posed by cybercriminals within The Com.
The newly formed group consists of hackers previously affiliated with Shiny Hunters, Lapsus$, and Scattered Spider – all notorious young hacking groups that have emerged from The Com in recent years.
The Telegram channel utilized by the criminals now boasts nearly 52,000 subscribers. The group has been sharing boasts about alleged hacks and posting cryptic in-jokes for several days.
This is reportedly the fourth such Telegram channel, as previous iterations have been shut down.
Scattered Spider is the name of a loosely connected group of hackers believed to be responsible for high-profile attacks targeting M&S, Co-op, and Harrods in April and May.
In July, the NCA arrested four individuals in connection with these attacks.
A 20-year-old woman was arrested in Staffordshire, and three males – aged between 17 and 19 – were detained in London and the West Midlands. All have since been released on bail.
Sign up for our Tech Decoded newsletter to follow the world’s top tech stories and trends. Outside the UK? Sign up here.
Gloucester City Council says it found the amount by doing its accounts manually following a cyber attack in 2021.
Thousands of women who signed up had their data, including images, posts, and comments, leaked.
UK authorities have demanded access to Apple users’ protected files when required for investigations.
In a rare interview, a former North Korean IT worker reveals the secret scheme raising funds for Kim Jong Un’s regime.
Scammers are targeting people via links to fake Manx Telecom bills using the firm’s email platform.
“`