Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident. VPNs and network border in UK all down.
Jaguar Land Rover moved their cybersecurity and IT functions to TCS two years ago 🫡

Jaguar Land Rover is ransomware, I can see network traffic from infrastructure used by multiple e-crime groups over the past week. I've asked one I think likely responsible if they did it.

They (JLR) appear to be doing contain to eradicate, i.e. all UK border services shut, Windows infrastructure offline etc.

Jaguar Land Rover latest from the outside looking in.

AS205756 aka JAGUAR LAND ROVER AUTOMOTIVE PLC is shut down - UK network only (however it hosts their most important infrastructure).

Staff have been told not to turn up to manufacturing facilities.

Tata Motors (parent company) appears to be online still but looks like a mess on Shodan, e.g. lots of SAP Netweaver boxes dangling directly off the internet.

JLR - network border all still offline. Liverpool Echo reports factory production still at all stop.

The lapsus$ guys are taking credit for the Jaguar Land Rover thing, speed run to see how many times they can get v&'d in 5 years.

I can see ecrime infrastructure was talking to this at JLR https://beta.shodan.io/host/185.193.35.39

It's a SAP Netweaver box. The Lapsus$ kids have been running around with a SAP exploit for a while, prior thread reference: https://cyberplace.social/@GossiTheDog/115005311849134541

The lapsus$ guys also posted this screenshot, on an internal Jaguar Land Rover SAP box last night.

Edit: thread broke, continues here: https://cyberplace.social/@GossiTheDog/115141860833884295

@GossiTheDog imagine bragging about this being so easy when they probably bought the exploit with bitcoin.
@GossiTheDog well I’m glad I don’t have that shit hanging off my edge.
@GossiTheDog and now I'm wondering who the current holder of that record is
@GossiTheDog they must like the party van.
@GossiTheDog Any claimed responsibility for this yet?
Statement on Cyber Incident | JLR Media Newsroom

@GossiTheDog *Multiple* e-crime groups were having a party on Jag's computers?! Wow.
@GossiTheDog maybe when they restore from the last backup they'll get back the old Jaguar logo :)
@GossiTheDog I would love to hear a little bit about what you're using to see that network traffic, as an aspiring CTI nerd
@GossiTheDog terrible thing to read on a Tuesday
@GossiTheDog Interesting - come the total enshittification of cars, we might one day see every car of a particular make bricked on the motorway and roads during the incident. Potentially for days, weeks or even longer, as envisioned in Leave the World Behind.
@freequaybuoy @GossiTheDog
I would like to disable the WiFi in my car. Maybe tinfoil on the antenna.

@GossiTheDog JLR allowed Windows in their infrastructure. Those seeking to celebrate the same achievements should follow the lead.

The rest of us: keep the leper colony at bay.

@GossiTheDog It has been said for a long time that VPN was not working like an advertisement, now it has only reached a wider group of people...
@GossiTheDog Maybe the skiddies can do us all a favour and delete all the JLR engine designs with a wet belt.