Hacking attacks on UK companies
Jaguar Land Rover (JLR)
Jaguar Land Rover (JLR) has fallen victim to one of the most destructive cyberattacks in the history of the British automotive industry. The attack, which began on August 31, 2025, brought global production to a complete halt and caused a domino effect throughout the supply chain, generating losses estimated at £5-10 million per day. A group called "Scattered Lapsus$ Hunters", a coalition of three well-known cybercriminal collectives, has claimed responsibility for the attack:
- Scattered Spider - a loose network of young hackers, mostly teenagers from the UK and the US
- Lapsus$ - a group known for attacks on large technology corporations
- ShinyHunters - specializing in data theft and extortion.
Scattered Spider is a particularly dangerous group. It consists mainly of young people, some as young as 16 years old, drawn from an English-speaking hacker community called "The Com". The group was previously responsible for attacks on M&S (£300 million in losses), Co-op and Harrods.
The attackers used a combination of advanced techniques:
- Social engineering - manipulation of IT employees to gain access to systems
- SAP NetWeaver vulnerability exploitation - use of the critical vulnerabilities CVE-2025-31324 and CVE-2025-42999
- Lack of authorization in Visual Composer - this allowed unauthorized access to systems
The main reason for the success of the attack was the exploitation of critical vulnerabilities in the SAP NetWeaver system. These vulnerabilities enabled attackers to:
- Execute arbitrary commands on SAP servers
- Upload malicious executable files
- Take full control of the system
Additional factors affecting the scale and effects of the attack were: