Tata Motors-Owned Jaguar Land Rover Cyberattack: Infotainment System, EV Charging Logic May Be Compromised
As per Cyfirma, a group called Scattered Lapsus$ Hunters has posted an image of JLR’s internal IT systems.

The cyberattack on Tata Motors-owned Jaguar Land Rover, which occurred on Sept. 2, has significantly disrupted operations by shutting down global IT systems and stopping manufacturing and retail activities for the auto major. JLR is prolonging the closure of its manufacturing plants until Oct. 1 at least, which not only endangers the viability of small suppliers but is also causing apprehension among workers.
Now a recent investigation report by cyber threat intelligence company Cyfirma sheds light on the hacker group behind the attack, possible motives, and the scale of the attack.
Hacker Group Behind JLR Cyberattack
As per Cyfirma’s report, a Telegram group identifying itself as Scattered Lapsus$ Hunters has taken responsibility for the cybersecurity breach at Jaguar Land Rover, posting an image of the company’s internal IT systems.
The group’s name combines elements from three hacking groups: Scattered Spider, Lapsus$, and ShinyHunters. The ShinyHunters Collective has a history of being associated with cyberattacks targeting UK retailers.
Internal JLR Systems, Proprietary Data Compromised?
On Sept. 3, the Scattered Spider Lapsus$ Hunter Group shared a screenshot with a domain, “jlrint.com,” which likely serves as an internal domain for Jaguar Land Rover.
According to Cyfirma, the screenshot may expose details that attackers could exploit if they accessed the system through stolen credentials. Attackers could also alter host files or DNS responses and misconfigure technical aspects that could lead to persistent threats and operational disruption within JLR’s network.
The screenshot further displayed issues with JLR’s infotainment system and electric vehicle charging logic, suggesting access to technical information and raising concerns about security and intellectual property protection.
The Cyfirma report said that “it was shared by the group Shinyhunters Collective, likely as proof they accessed internal JLR systems or proprietary data,” adding that “this information could be used to reverse-engineer or exploit connected services.”
Scope And Threats Of Future Disruptions
According to Cyfirma’s report, the attackers criticised the UK’s National Crime Agency for targeting ShinyHunters. They threatened to disrupt telecommunications companies in the UK, including severing internet connections, stealing call records, and disclosing private conversations of government officials and politicians.
Connecting the JLR breach to threats aimed at Vodafone UK and politicians indicates hacktivist intentions that blend financial leverage with disruption and political statements.
The public disclosures aim to intimidate JLR and harm its reputation. Sharing infotainment and EV charging logic details also indicates that the attackers could gain greater access to critical systems, raising the possibility of more harmful attacks.
The scope of the JLR cyberattack is not limited to operational disruption within the company. It also includes exposure of intellectual property, damage to the credibility of JLR and parent company Tata Motors, fear and panic among stakeholders, and disruption of the automotive sector by sounding alarm bells for competitors, suppliers, and even customers.