Jaguar Land Rover said Tuesday that it will extend a production pause until Sept. 24, as it continues investigating a recent cyberattack on its networks.
The company said it is considering “different stages of a controlled restart of our global operations” while its forensic investigation into the attack continues.
JLR apologized for the continued delay and said it would provide additional updates when available.
The automaker originally disclosed the attack on Sept. 2 and said it proactively shut down its systems while it addressed the intrusion. The company immediately warned that the attack had severely disrupted its production capabilities, although it initially said there was no evidence of data theft.
On Sept. 10, the company revised its conclusions based on the latest analysis and confirmed that the hackers had stolen some of its data.
JLR reported the attack to authorities, including the U.K. Information Commissioner’s Office, which said it was assessing the company’s disclosure.
The U.K. National Cyber Security Centre confirmed earlier this month that it was helping JLR respond to the attack. Richard Horne, the agency’s chief executive, recently called for a shift in focus toward continuity of critical services in a speech at the Billington Cybersecurity Summit in Washington, D.C.
On Friday, labor union Unite called on the British government to develop a furlough plan to help protect the jobs of thousands of workers affected by the attack.
A group touting its affiliation with Scattered Spider, Lapsus$ and ShinyHunters claimed responsibility for the attack, according to researchers at Sophos. Researchers have linked Scattered Spider to a recent wave of social-engineering attacks targeting retailers and other businesses in the U.S., the U.K. and elsewhere.
The hackers allegedly behind the JLR intrusion said they disabled some of their infrastructure last week, amid suspicion that law enforcement was drawing closer to their operation. Security and law-enforcement experts warned, however, that the group’s claims were likely a diversion.
“Announcing — loudly — that your group is going quiet strikes us more as a ham-handed attempt to reduce law enforcement scrutiny,” said Cynthia Kaiser, senior vice president of Halcyon’s Ransomware Research Center and a former deputy assistant director of the FBI’s Cyber Division. “It may be true that some members of the group are trying to step back from more public roles after some recent arrests, but the past has shown us that criminal activity continues.”
Source link
