Kevin BeaumontSep 2, 2025
Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident. VPNs and network border in UK all down.
Show threadKevin BeaumontSep 2, 2025
Jaguar Land Rover moved their cybersecurity and IT functions to TCS two years ago 🫡
Show threadKevin BeaumontSep 2, 2025

Jaguar Land Rover is ransomware, I can see network traffic from infrastructure used by multiple e-crime groups over the past week. I've asked one I think likely responsible if they did it.

They (JLR) appear to be doing contain to eradicate, i.e. all UK border services shut, Windows infrastructure offline etc.

Show threadKevin Beaumont

Jaguar Land Rover latest from the outside looking in.

AS205756 aka JAGUAR LAND ROVER AUTOMOTIVE PLC is shut down - UK network only (however it hosts their most important infrastructure).

Staff have been told not to turn up to manufacturing facilities.

Tata Motors (parent company) appears to be online still but looks like a mess on Shodan, e.g. lots of SAP Netweaver boxes dangling directly off the internet.

Sep 2, 2025 at 7:50pmWeb
Show threadKevin BeaumontSep 3, 2025
JLR - network border all still offline. Liverpool Echo reports factory production still at all stop.
Show threadKevin BeaumontSep 3, 2025
The lapsus$ guys are taking credit for the Jaguar Land Rover thing, speed run to see how many times they can get v&'d in 5 years.
Show threadKevin BeaumontSep 3, 2025

I can see ecrime infrastructure was talking to this at JLR https://beta.shodan.io/host/185.193.35.39

It's a SAP Netweaver box. The Lapsus$ kids have been running around with a SAP exploit for a while, prior thread reference: https://cyberplace.social/@GossiTheDog/115005311849134541

Show threadKevin BeaumontSep 3, 2025

The lapsus$ guys also posted this screenshot, on an internal Jaguar Land Rover SAP box last night.

Edit: thread broke, continues here: https://cyberplace.social/@GossiTheDog/115141860833884295

Show threadAlexSep 3, 2025
@GossiTheDog imagine bragging about this being so easy when they probably bought the exploit with bitcoin.
Show threadAlexSep 3, 2025
@GossiTheDog o_O
Show threadT1- Push The ButtonSep 4, 2025
@GossiTheDog well I’m glad I don’t have that shit hanging off my edge.
Show threadRairii   Sep 3, 2025
@GossiTheDog and now i'm wondering who the current holder of that record is
Show threadAlexSep 3, 2025
@GossiTheDog they must like the party van.
Show threadFashionProofSep 13, 2025
v&'d ??
Show threadAlamealsSep 3, 2025
@GossiTheDog Any claimed responsibility for this yet?