‘ShinyHunters’ Group Linked to Salesforce Supply Chain Attacks ‘Claims Jaguar Land Rover Cyberstrike’ : Ross Collie
by: Ross Collie
blow post content copied from Salesforce News | Salesforce Ben
click here to view original post
**Summary of Jaguar Land Rover Cyberattack Incident** Jaguar Land Rover (JLR), a British car manufacturer, has recently experienced a significant cyberattack that disrupted its retail and manufacturing operations. Although JLR did not explicitly mention Salesforce, the hacking group known as ShinyHunters, linked to recent attacks on Salesforce systems, claimed responsibility. Reports suggest that the attackers are a group of teenage hackers calling themselves "Salesforce supply chain hackers," who have also been involved in attacks on other companies like Marks & Spencer. In response to the cyber incident, JLR proactively shut down its IT systems and production lines, particularly in its UK plants, to contain the situation. Fortunately, the company stated that no sensitive customer data has been compromised. However, the attack has caused considerable disruption to their operations. The hackers, associated with various names including Scattered Spider and Lapsus$, have been known to target multiple British retailers and have shared internal JLR data on platforms like Telegram, mocking the company in the process. JLR is currently investigating the incident and is taking steps to restore its systems in a controlled manner. **Key Points:** - JLR faced a cyberattack affecting its operations. - The ShinyHunters group has claimed responsibility, linked to attacks on Salesforce. - No customer data was reported stolen, but operations were severely disrupted. - JLR shut down systems to manage the attack and is investigating. **Additional Context:** The ongoing cyber threats highlight the need for organizations to strengthen their cybersecurity measures, especially concerning connected applications. Salesforce admins are encouraged to audit their connected apps, ensuring permissions and origins are thoroughly checked to prevent unauthorized access. **Hashtags for SEO:** #Cybersecurity #JaguarLandRover #Cyberattack #Salesforce #DataProtection #Hacking #TechNews #InformationSecurity #JLR #ShinyHunters
British automobile manufacturer Jaguar Land Rover (JLR) recently announced that they have been severely impacted by a cyberattack amidst a wave of ongoing disruptions for Salesforce users.
In a brief notice on Tuesday, the company said that they were forced to disconnect their systems, which affected their retail and manufacturing operations. JLR has not named Salesforce, but ShinyHunters – which the Google Threat Intelligence Group (GTIG) have named as the group potentially responsible for recent Salesforce instances attacks – has claimed responsibility for the incident.
Several reports have claimed that the JLR infiltrators are a group of teenage English-speaking hackers who have branded themselves as “Salesforce supply chain hackers”. They have been linked to a recent large-scale attack on British supermarket, Marks & Spencer.
SF Ben note: The potential for compromised connected apps in Salesforce orgs is ongoing. We at Salesforce Ben strongly recommend that all admins and org owners prioritize auditing the connected apps currently in use in their orgs. This includes identifying the origin of all connected apps, removing any unused or unknown apps, setting permissions for access to remaining apps, and removing the ability for any user to add connected apps without approval. We’ve published an article to help, and created a hub page for all the breaking Salesforce hack news.
“Where Is My New Car, Land Rover?”
JLR announced the disruption to their website on Tuesday, with the hack likely taking place over the prior weekend. They released a short statement, which stated that no sensitive customer data had been stolen.
“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems. We are now working at pace to restart our global applications in a controlled manner. At this stage, there is no evidence that any customer data has been stolen, but our retail and production activities have been severely disrupted.”
The breach was detected by JLR while it was actively happening, which prompted JLR to proactively shut down its IT systems and production lines across its UK plants (particularly in Merseyside/Halewood and Solihull) to contain the incident. Workers were also told via email or internal communications not to report to work.
A hacking collective going by names such as Scattered Spider, Lapsus$, ShinyHunters, and the hybrid moniker “Scattered LAPSUS$ Hunters” is claiming responsibility for a cyber‑attack on JLR, according to reports. This same group has been linked to previous attacks on several different British retailers.
Identified by Google threat researchers in June under the moniker UNC6240 (for Shiny Hunters), the group is believed to be responsible for the recent wave of Salesforce attacks that have impacted such cybersecurity heavyweights as Palo Alto Networks, Cloudflare, and Zscaler in the last few weeks.
According to the Financial Times, the hackers took to Telegram – through a user known as “Rey” – and posted screenshots that purportedly show internal JLR IT system data, including administrative logs and documents such as troubleshooting instructions relating to car charging systems.
Per reports, they also taunted JLR, making comments such as “Where is my new car, Land Rover?”
Some of these posts also reportedly included AI-styled images mocking Salesforce staff/analysts, showing they deliberately tie their exploits back to the Salesforce ecosystem.
A spokesperson from JLR told Salesforce Ben: “We are aware of the claims relating to the recent cyber incident and we are continuing to actively investigate.”
Final Thoughts
Another day, another unfortunate hacking story. We reported a few weeks ago that this could potentially be the beginning of something much worse, and this ongoing wave of hacks from these collective groups suggests we’re not out of the woods yet.
We must once again preach that these leaks are not from any vulnerabilities within the core Salesforce platform.
You can monitor our hub post on the topic, which will be updated as news emerges, here.
The post ‘ShinyHunters’ Group Linked to Salesforce Supply Chain Attacks ‘Claims Jaguar Land Rover Cyberstrike’ appeared first on Salesforce Ben.
September 04, 2025 at 09:50PM
Click here for more details...
=============================
The original post is available in Salesforce News | Salesforce Ben by Ross Collie
this post has been published as it is through automation. Automation script brings all the top bloggers post under a single umbrella.
The purpose of this blog, Follow the top Salesforce bloggers and collect all blogs in a single place through automation.
============================
Post a Comment