
Group linked to Scattered Spider claims responsibility for JLR cyber-attack

Investigation initiated by JLR after allegations by cybergroup "Scattered Lapsus$ Hunters" of data theft and subsequent extortion demands


In a troubling turn of events, a hacker syndicate, believed to be a collaboration between the groups Scattered Spider, ShinyHunters, and Lapsus$, has reportedly targeted Jaguar Land Rover (JLR). The cyber incident, confirmed by JLR on September 2, has severely disrupted sales and production operations, leading to JLR staff at its Halewood production plant in Merseyside, UK, being told not to come to work on Tuesday, September 2.

The syndicate, dubbed Scattered Lapsus$ Hunters, is allegedly behind the attack, according to the group's own claim on a Telegram channel linked to it. The alliance includes Scattered Spider, LAPSUS$, and ShinyHunters.

The groups are known for using social engineering techniques, extortion, and data theft for financial gain. To draw attention to its activities, the group has shared screenshots on the messaging app Telegram that were reportedly taken from inside JLR's IT networks. The unverified images include internal instructions for troubleshooting a car charging issue and internal computer logs.

This is not the first time the hacker syndicate has been linked to high-profile cyber-attacks. In April, they were believed to be responsible for cyber-attacks on UK retailers Marks & Spencer (M&S), The Co-op, and Harrods. In August 2023, a UK court found an Oxford teenager responsible for a series of hacking incidents impacting big-name brands, carried out as part of the infamous Lapsus$ group.

The growing collaboration between threat-actor groups underscores their enterprise-like operations, emphasizing the need to harden defenses. Sam Kirkman, director of services, EMEA at NetSPI, stated that the group's interaction with the BBC shows its desire to elicit attention for its activities, a tactic that it also employed following the M&S attack in April.

It has not been confirmed whether any data has been stolen or if Scattered Lapsus$ Hunters installed ransomware. Local news outlet, the Liverpool Echo, reported on September 4 that JLR staff were still not back at the Merseyside factory. The groups, composed of English-speaking actors, are associated with The Com, a loosely organized online criminal network involving thousands of English-speaking individuals.

The cyber incident comes at a time when cybersecurity threats are on the rise. As the collaboration between threat-actor groups continues to evolve, it is crucial for businesses to stay vigilant and take necessary measures to protect their systems and data.
