Jaguar Land Rover (JLR) has extended a pause in vehicle production for at least another week following a devastating cyber attack by the Scattered Lapsus$ Hunters hacking collective. The incident, which began at the end of August and became public on September 2, forced the suspension of work at JLR's Merseyside plant and has affected its retail services.
The cyber gang, comprising members of the Scattered Spider, ShinyHunters, and Lapsus$ gangs, compromised data of an undisclosed nature. The group has been boasting of its exploits on Telegram but has now claimed to have retired. However, experts are skeptical about this claim, with Cian Heasley, principal consultant at Acumen Cyber, stating that the gang's talk of activating "contingency plans" and seeking a golden parachute suggests they are buying time.
The attack has had significant consequences for JLR, with James McQuiggan, CISO adviser at KnowBe4, highlighting the importance of business continuity and cyber defense. When core systems are taken offline, the impact cascades through employees, suppliers, and customers, demonstrating that these two aspects should be indivisible. The long-term risks of data theft during such incidents include reputational damage and regulatory consequences.
The supposed Scattered Lapsus$ Hunters shutdown was announced via BreachForums and Telegram across a number of crude postings. In the messages, reviewed by CyberNews, one gang member addressed the CIA, saying they were "so very sorry" for leaking classified documents and had "no idea what they were doing." The message also included an apology to JLR and Google.
Cyber community members are skeptical about the gang's claim to have retired. Heasley stated that this is a transparent move to buy time, with the group panicking about the threat of prison and arguing behind the scenes about how much trouble they are in. Given the volatile nature of the group, it's hard to imagine they carried out due diligence and would not be drawn back into cyber crime.
Even amidst its "farewell" messages, Scattered Lapsus$ Hunters hinted at future developments and taunted various victims, including luxury goods house Kering and Air France. The group also named British Airlines, an organization that does not exist but may be a reference to British Airways (BA). BA is not known to have been attacked at the time of writing, suggesting that more victims of the recent hacking spree may yet come to light.
The incident serves as a reminder of the importance of regular testing and updating business continuity and incident response plans, strengthening supply chain risk assessments, and adopting zero-trust principles. Ongoing security awareness, phishing simulations, and behavior analysis can help users recognize and resist malicious tactics. By combining strong technical controls with a culture of cyber resilience, organizations can reduce their exposure and recover with greater confidence.