Jaguar Land Rover have contained their network and stopped production after what appears to be a ransomware incident.
-
Meanwhile the LAPSUS guys were busy posting large numbers of US defense Top Secret marked documents last night. They've since been deleted from Telegram.
One surprising thing with the Jaguar Land Rover incident - they've only isolated JAGUAR LAND ROVER AUTOMOTIVE PLC (AS205756), the UK network. The India, China etc networks are still online.
When I dealt with LAPSUS elsewhere they entered via a different country network/biz unit and then pivoted to target country/biz unit.
-
One surprising thing with the Jaguar Land Rover incident - they've only isolated JAGUAR LAND ROVER AUTOMOTIVE PLC (AS205756), the UK network. The India, China etc networks are still online.
When I dealt with LAPSUS elsewhere they entered via a different country network/biz unit and then pivoted to target country/biz unit.
JLR UK have got one internet facing system back online - wslx.jlrext.com
Single factor auth only because that's how automotives roll. If you visit direct IP, it's still branded Ford - Ford sold the business in 2008.
-
JLR UK have got one internet facing system back online - wslx.jlrext.com
Single factor auth only because that's how automotives roll. If you visit direct IP, it's still branded Ford - Ford sold the business in 2008.
Just checked in on JLR - factory production won't be resuming tomorrow (day 7).
-
Just checked in on JLR - factory production won't be resuming tomorrow (day 7).
Jaguar Land Rover car production is still shut down tomorrow, day 8. I’ve checked the network border, everything except one system in UK is also still offline.
-
Jaguar Land Rover car production is still shut down tomorrow, day 8. I’ve checked the network border, everything except one system in UK is also still offline.
JLR are keeping car production closed until least Monday. They also say “some data was impacted”, whatever that means.
https://www.liverpoolecho.co.uk/news/liverpool-news/jaguar-land-rover-issues-crisis-32447659
-
JLR are keeping car production closed until least Monday. They also say “some data was impacted”, whatever that means.
https://www.liverpoolecho.co.uk/news/liverpool-news/jaguar-land-rover-issues-crisis-32447659
JLR have started switching border routers back on (don't ask me why SNMP, NTP and SSH are internet facing).
-
JLR have started switching border routers back on (don't ask me why SNMP, NTP and SSH are internet facing).
JLR shouldn't feel bad, Tata Motors (their parent) is way worse shape. They've even got Exchange Server with OWA internet facing without MFA.
-
JLR have started switching border routers back on (don't ask me why SNMP, NTP and SSH are internet facing).
@GossiTheDog
Wouldn’t the uptime rather suggest that they just plugged the cable back in?
Doesn’t seem to even had bothered patching the routers beforehand.The routers could potentially be CEs and thus the responsibility of the service provider.
-
JLR shouldn't feel bad, Tata Motors (their parent) is way worse shape. They've even got Exchange Server with OWA internet facing without MFA.
Jaguar Land Rover have told factory workers worldwide to stay home until at least next Wednesday, which will be 17 days since the cyber incident began. https://www.bbc.co.uk/news/articles/c3e712nvyz9o.amp
-
Jaguar Land Rover have told factory workers worldwide to stay home until at least next Wednesday, which will be 17 days since the cyber incident began. https://www.bbc.co.uk/news/articles/c3e712nvyz9o.amp
Unite are calling on the government to urgently intervene over the Jaguar Land Rover cyber incident, to introduce a furlough scheme for JLRs suppliers.
-
Unite are calling on the government to urgently intervene over the Jaguar Land Rover cyber incident, to introduce a furlough scheme for JLRs suppliers.
JLR have lost between £50m-£100m so far according to BBC estimates https://www.bbc.co.uk/news/articles/czdjn0lv64ro
-
JLR have lost between £50m-£100m so far according to BBC estimates https://www.bbc.co.uk/news/articles/czdjn0lv64ro
If anybody is interested, TCS’ website says JLR outsourced cybersecurity (not sure which bits) to it a few years ago.
TCS also run security operations and monitoring for Co-op (my old team) along with their IT and IT helpdesk, and M&S secops monitoring, IT and IT helpdesk.
-
If anybody is interested, TCS’ website says JLR outsourced cybersecurity (not sure which bits) to it a few years ago.
TCS also run security operations and monitoring for Co-op (my old team) along with their IT and IT helpdesk, and M&S secops monitoring, IT and IT helpdesk.
Jaguar Land Rover have extended their manufacturing shutdown until at least next Wednesday, the 24th of September. https://www.theguardian.com/business/2025/sep/16/jaguar-land-rover-production-shutdown-cyber-attack
-
Jaguar Land Rover have extended their manufacturing shutdown until at least next Wednesday, the 24th of September. https://www.theguardian.com/business/2025/sep/16/jaguar-land-rover-production-shutdown-cyber-attack
In my own story, I discovered JLR outsourced different cybersecurity areas to TCS and then made many of the UK team redundant 6 months ago.
-
R AodeRelay shared this topic
-
Jaguar Land Rover have extended their manufacturing shutdown until at least next Wednesday, the 24th of September. https://www.theguardian.com/business/2025/sep/16/jaguar-land-rover-production-shutdown-cyber-attack
@GossiTheDog When I see a Jaguar or Land Rover going past I see a bad person who doesn’t care about anything but themselves.
-
R AodeRelay shared this topic
