Scattered Lapsus$ Hunters Hacker Group Announces Shutdown

Scattered Lapsus$ Hunters, linked to the Jaguar Land Rover cyberattack, claims to shut down as experts suggest the group is fracturing under pressure.

For days, there had been silence from Scattered Lapsus$ Hunters, the group suspected of carrying out the recent cyber attack on Jaguar Land Rover (JLR). Now the hackers have resurfaced with a statement, not to announce another breach, but to declare they are walking away.

The announcement appeared first on the group’s Telegram channel and then on BreachForums.hn, a domain owned by the group. The post described the last 72 hours as a period spent with family and a time to activate “contingency plans.” It portrayed the pause as strategic, claiming that while attention was on headline-grabbing attacks against Google, Salesforce, and CrowdStrike, the group was quietly preparing its exit.

The message read more like a manifesto than a farewell. It listed corporations such as Air France, American Airlines, British Airways, and luxury group Kering as firms that “know” they have suffered breaches but have yet to receive ransom demands.

It also warned that forthcoming reports of data leaks at multinational companies and government agencies would not signal continued activity, only the delayed fallout of earlier campaigns.

At the same time, the group addressed arrests connected to affiliated operations like. It expressed sympathy for individuals facing prosecution, framing them as scapegoats and collateral damage in what it described as a war against powerful institutions. The statement closed with a farewell signed by a long roster of aliases, from IntelBroker (arrested in June 2025) to Trihash, and declared that the collective would now “go dark.”

While the post suggests careful planning, experts remain sceptical. Cian Heasley, principal consultant at Acumen Cyber, described the move as a transparent attempt to buy breathing space. “This is a group that thrives on volatility. The idea that they have calmly activated contingency plans seems farfetched,” he said. “It’s more likely they are panicking about prison time, debating how much attention they want, and lying low until the dust settles.”

Heasley noted that the reference to undisclosed breaches is significant, as it indicates victims may still be unaware of compromises. At the same time, he suggested the post could simply be the hackers throwing one last punch, pointing to how far they managed to get. “They say they hold the power, but the real message is that Scattered Lapsus$ Hunters is running scared,” he added.

Whether this is a genuine shutdown or a temporary pause, more breach disclosures are expected in the coming weeks as investigations catch up with their campaigns. History suggests that even if Scattered Lapsus$ Hunters does not return in its current form, some of its members will. The money and thrill of high-profile hacking are rarely abandoned for long.