The Guardian reports:
A group of English-speaking hackers linked to the Marks & Spencer cyber-attack has claimed responsibility for an attack on Jaguar Land Rover.
A channel on the Telegram platform posted a screenshot of what appeared to be the carmaker’s internal IT systems, as well as a news article detailing the hack.
The name of the Telegram channel is a combination of three English language speaking, or western-based, hacking groups known as Scattered Spider, Lapsus$ and ShinyHunters.
Read more at The Guardian.
As Security Week reported, someone linked to Scattered Spider recently released what was allegedly a 0-day exploit targeting SAP NetWeaver on Telegram. A spokesperson for ShinyHunters reportedly told The Telegraph that the attack on Jaguar Land Rover involved exploiting a widely-known flaw in SAP Netweaver.
In related coverage, DataBreaches.net reports that this is the third breach of Jaguar Land Rover this year:
In March 2025, Hudson Rock reported that JLR had been victimized twice. The first time was by Hellcat who exploited JIRA credentials harvested by using an LG Electronics’ employee’s credentials that had been compromised by an infostealer. Data was leaked on BreachForums by Hellcat member “Rey.” Days later, another threat actor calling themself “APTS” announced that they, too, had hacked JLR, and had exploited infostealer credentials of an LG Electronics employee going back to 2021. Their leak involved even more data than Hellcat’s leak.
“Rey” has recently been active in the Telegram channel for Scattered Spider, Lapsus$, and ShinyHunters and has posted evidence of a shell showing internal hostnames.
