Jaguar Land Rover (JLR) has extended its production shutdown for an additional week following a significant cyberattack that has crippled its operations since late August. As a standalone entity under Tata Motors India, JLR is a major force in the automotive industry, employing roughly 39,000 people and producing over 400,000 vehicles annually. The company, which boasts a yearly revenue of over $38 billion, has been working tirelessly to get its systems back online since the attack was first disclosed on September 2. The prolonged shutdown highlights the severe disruption caused by the breach, affecting not only JLR’s internal processes but also its network of employees, suppliers, and partners.
The British automaker confirmed that the attackers successfully stole “some data” during the breach, but the full extent of the compromised information remains unknown. While JLR has not publicly attributed the attack to a specific group, and no major ransomware operation has come forward, a new group identifying as “Scattered Lapsus$ Hunters” has claimed responsibility. This group posted screenshots of JLR’s internal SAP system on a Telegram channel and stated that they have deployed ransomware on the company’s compromised systems. This claim, if true, suggests a sophisticated and coordinated attack targeting the automaker’s critical infrastructure.
JLR’s decision to extend the production pause until September 24 was shared in a statement to its staff, suppliers, and partners. The company explained that the extension is necessary to allow its forensic investigation to continue and to ensure a controlled and phased restart of its global operations. A spokesperson for JLR stated that resuming full operations will take time, underscoring the complexity of recovering from such a widespread cyber incident. The company has not yet commented on the potential impact on its customers or provided further details to media outlets.
The self-proclaimed “Scattered Lapsus$ Hunters” group claims to be a coalition of cybercriminals associated with the well-known Scattered Spider, Lapsus$, and ShinyHunters extortion groups. These groups are notorious for using social engineering tactics to breach corporate networks and for deploying ransomware. This alleged alliance of cybercriminals has also taken responsibility for recent data thefts from multiple high-profile companies, including Google, Cloudflare, and Palo Alto Networks.
The use of social engineering and compromised OAuth tokens to steal data from numerous organizations, as seen in the Salesforce data theft attacks, points to a highly organized and dangerous threat. The alleged involvement of these cybercrime groups suggests that JLR is dealing with a formidable adversary. The incident serves as a stark reminder of the growing threat of cyberattacks to global corporations and the significant financial and operational damage they can cause. The prolonged shutdown and ongoing investigation at JLR will be closely watched by the industry as a case study in managing a major cyber crisis.