Carmaker Jaguar Land Rover (JLR) has shut down its systems after suffering a cyber-attack. The group claiming responsibility for the attack, The Com, also referred to as Scattered Spider, is a loosely affiliated online community of predominantly teenage English-speaking hackers based in the UK and the US.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner. At this stage there is no evidence any customer data has been stolen but our retail and production activities have been severely disrupted,” states the carmaker.
Car production halted
Car production at sites including the Halewood plant in Merseyside and another in Solihull has been heavily disrupted since the attack was discovered on Sunday. and staff have been sent home.
The hackers responsible have claimed responsibility for the cyber-attack on the messaging platform Telegram. They also showed screenshots purporting to be from inside the car maker’s IT networks. The same group, which is referred to as “the Com,” was also responsible for a series of cyber-attacks on UK retailers including M&S earlier this year. According to the BBC, the hackers responsible for the attack on JLR are now attempting to extort money from the UK-based carmaker.
In March, the UK’s National Crime Agency NCA issued a warning that online forums or communities, referred to as “Com networks”, see offenders collaborate or compete to cause harm across a broad spectrum of criminality – both on and offline – including cyber, fraud, extremism, serious violence, and child sexual abuse.
The threat has increased sixfold
“Known reports of this emerging threat increased six-fold in the UK from 2022-2024. Thousands of users – offenders and victims – based in the UK and other western countries have exchanged millions of messages online.…Although adults are involved in these online communities, of particular concern is that offenders are predominantly teenage boys,” reported the NCA.
Members of the Com are also known to have hacked into companies including MGM, Microsoft, Nvidia, and Electronic Arts. What makes this new generation of cybercriminals particularly dangerous is their combination of hacking skills with English-speaking skills suited to social engineering and their ability to pose as English-speaking members of target organizations. According to The Hacking Games, an organization founded to steer teenage hackers away from crime and towards legitimate careers in cybersecurity, many youthful cybercriminals first acquired their skills reverse-engineering computer games.
