A Russian hacking group is behind the attack that shut down Jaguar Land Rover production lines for months and cost the British economy an estimated $2.5 billion, TechCrunch reported Thursday, citing The New York Times and people close to the investigation.
The breach triggered a £1.5 billion UK government loan guarantee announced by Business Secretary Peter Kyle in September 2025 to keep JLR’s supply chain afloat. JLR employs 34,000 people directly and supports roughly 120,000 supply-chain jobs.
Investigators haven’t resolved the attribution question: whether the group operated under Kremlin direction, as independent criminals, or with the Russian government’s tacit approval. Microsoft tracked the group and alerted JLR before public disclosure. The FBI, the UK National Crime Agency, the National Cyber Security Centre, Google’s Mandiant unit, and Palo Alto Networks all worked the investigation.
The Russian group wasn’t the only intruder. A Jordanian hacker using the alias Rey separately breached some JLR networks, a layered compromise that complicates the attribution timeline.
The state-nexus question carries real legal weight. If investigators confirm a Kremlin link, the UK and US can pursue targeted designations under existing cyber sanctions frameworks; if the group is purely criminal, the path is indictment and extradition requests that Russia has historically refused. No deadline has been publicly set for charges.
James Okafor