A hacking group behind cyber-attacks on Marks and Spencer and the Co-op has now claimed responsibility for targeting the UK’s biggest car maker.
The IT disruption aimed at Jaguar Land Rover has crippled production lines – and there are fears the firm could be vulnerable to ransom demands ahead.
The incident left motor dealers unable to register cars with the new 75 licence plate.
It is the latest major UK brand to be targeted by hackers after not only M&S and the Co-op but also Harrods fell victim to hacking chaos earlier this year.
Jaguar Land Rover admitted this week its retail and production activities had been ‘severely disrupted’ – while insisting it was working to restart its operations in a controlled manner.
The company, owned by India’s Tata Motors, said it had not found any evidence at this stage that any customer data had been stolen after it shut down its systems to mitigate impact.
But the cyber groups known as Scattered Spider and Shiny Hunters today told of being able to exploit an apparent glitch in the company’s IT systems – while boasting of gaining access to customer data.
The two organisations, believed to largely comprise teenagers and young men in English-speaking nations, now describe themselves as ‘one and the same’ – while rebranding themselves as ‘Scattered Lapsus Hunters’.
Staff are seen assembling Range Rover Evoque SUVs on the production line at Jaguar Land Rover’s Halewood factory in Liverpool in December 2022 – the plant was closed on Monday
It is the latest major UK brand to be targeted by hackers after M&S and the Co-op fell victim to hacking chaos earlier this year – shoppers are seen here in central London
A screenshot was shared online by a user on a Telegram messenger group linked to the two groups, purporting to show access to JLR’s internal systems.
And the Telegraph quoted a group member, identifying as ‘Shiny’, that they had made the most of a flaw in third-party software to access consumers’ data.
Three male teenagers and a 20-year-old woman were arrested in association with the previous retail attacks on Marks and Spencer and the Co-op.
Jaguar Land Rover – which recently wound down building new Jags ahead of a switch to electric vehicles – sent staff home from its Halewood plant near Liverpool on Monday following the cyber-attack.
The firm said in a statement: ‘JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems.
‘We are now working at pace to restart our global applications in a controlled manner.
‘At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted.’
Mark Tibbs, from law firm Mishcon’s cyber risk and complex investigations practice, told how Jaguar Land Rover’s statement acknowledging the attack was ‘yet another unwelcome reminder of the threats facing British brands’.
The IT disruption by hacker aimed at JLR has crippled production lines (stock image)
He added: ‘JLR’s swift action in proactively shutting down and working to restore systems, along with their transparent messaging, shows commendable crisis management.
‘However, the severe disruption to retail and production activities highlights just how serious the impacts of cyber attacks can be.
“While the details of this latest attack have not been made public, it follows unconfirmed media reports from March that JLR was targeted by the Hellcat ransomware group.
‘In that incident, attackers allegedly used stolen Atlassian Jira credentials, obtained by malware, to access internal systems and steal sensitive data.
‘When faced with cyber attacks, companies may be forced to switch off OT [operational technology] systems as a precaution, to prevent the attack from spreading or causing physical damage.
‘Alternatively, the disruption could be a result of IT systems being so interconnected with production processes that any shutdown has a direct knock-on effect on manufacturing.
‘Either way, this will likely lead to delays, supply chain interruptions and challenges for deliveries to customers and retailers.’
The latest cyber-attack has occurred at the worst time possible for JLR, with the new age identifying number plates – issued on March 1 and September 1 each year – coinciding with manufacturers doing deals to attract buyers.
A JLR dealer initially raised the problem with Autocar magazine on Monday, saying it has been unable to register any cars.
Indian-owned Tata Motors’ Jaguar Land Rover logos are displayed at a showroom in New Delhi
The dealership could not provide details of the IT problem and reported that a resolution has yet to be found.
It means JLR has yet to register a new model this month.
Dray Agha, senior manager of security operations at security specialist Huntress, said: ‘This incident highlights the critical vulnerability of modern manufacturing, where a single IT system attack can halt a multi-billion-pound physical production line, directly impacting sales, especially during a key period.
‘Cyber criminals know this and many leverage the stopped clock of business functions as what they need to force capitulation of ransomware demands.
‘It is not known if ransomware was involved in the Jaguar attack but ransomware actors target manufacturers for a reason.’
The disruption adds to JLR’s troubles after a report in July said it had delayed the launch of its electric Range Rover and Jaguar models for more testing and in the hope that sluggish demand would pick up.
The car firm declined to comment on the potential identity of the hackers.
#Coop #hackers #claim #responsibility #cyberattack #Jaguar #Land #Rover #crippled #production #lines #leave #open #ransom #demands
