Hackers behind Jaguar Land Rover announce their 'retirement' – should we believe them?

Cyber crime concept image showing hacker typing on keyboard in dimly-lit room with tablet pictured on desk.

(Image credit: Getty Images)

published 16 September 2025

The Scattered Lapsus$ Hunters hacking group, recently linked to the attack on Jaguar Land Rover that has devastated the company, has announced that it plans to shut down.

In a rather incoherent message on its Telegram channel – now shut down – the group said 'Silence will now be our strength'.

"You may see our name in new databreach disclosure reports from the tens of other multi billion dollar companies that have yet to disclose an breach, as well as some government agencies, including highly secured ones, that does not mean we are still active," it said.

"We LAPSUS$, Trihash, Yurosh, yaxsh, WyTroZz, N3z0x, Nitroz, TOXIQUEROOT, Prosox, Pertinax, Kurosh, Clown, IntelBroker, Scattered Spider, Yukari, and among many others, have dcided to go dark. Our objectives having been fulfilled, it is now time to say goodbye."

Much of the message concerned the eight members of the group who have been raided or arrested by law enforcement.

“We want to expand our regrets to their relatives, and apologise for their sacrifice. Any State needs its scapegoat. Those carefully selected targets are the last collateral victims of our war on power, and the use of our skills to humiliate those who have humiliated, predate those who have predated," the message read.

"We have ensure that the investigations targeting them will progressively fall apart, and that their mild vanity peccati will not inflict on them, long term consequences."

Done and dusted or laying low?

Industry experts are skeptical that the group is being entirely honest about its motivations.

"According to the post, going into dark for 72 hours was all part of a grand scheme. The last few days of silence have allowed them to activate their contingency plans. This all seems farfetched," said Cian Heasley, principal consultant at Acumen Cyber.

"Given the volatile and explosive nature of the group, it’s hard to imagine they carried out this level of due diligence. It's more likely members are having internal disagreements around how to proceed under the threat of prison time, how high a profile they want to maintain in the media and the cybercrime underground, and whether to lie low until the dust settles."

Scattered Lapsus$ Hunters and its overlapping sub-groups - ShinyHunters, Scattered Spider, and Lapsus$ - have claimed responsibility for some of the most devastating cyber attacks in recent memory.

The group has claimed nearly 100 incidents, including the Marks & Spencer hack earlier this year, which led to a shutdown of website and app orders and cost the company £300 million.

More recently, it claimed responsibility for the attack on Jaguar Land Rover which is not only expected to cost the company millions but has caused many of its suppliers to fear for their future.

"While Scattered Lapsus$ Hunters is seemingly over for now, this won’t be the last time we hear about them,” Heasley added. “More breaches from their recent spree are yet to be announced and it's likely some of its members will resurface soon."

"They say they are going to use this time to ‘enjoy their golden parachutes’ of ransom payments while they still can, but the lure of the money and excitement that comes with cyber crime will inevitably draw them back in eventually."

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.