A cyberattack that disrupted production at Jaguar Land Rover back in 2025 and inflicted an estimated $2.5 billion in economic damage to the United Kingdom was carried out by Russian hackers, according to a recent report by The New York Times.
The attack targeted Jaguar Land Rover, one of the UK's largest employers, forcing the carmaker to suspend production for months. The disruption caused the UK government to provide the company with a £1.5 billion support package, equivalent to about $2 billion, while estimates cited in the report suggest the wider economic impact reached approximately $2.5 billion.
For months, the identity of those responsible remained unclear. According to The New York Times, investigators have now concluded that the hackers were Russian. However, the report said it remains uncertain whether the group was acting on behalf of the Russian government, operating independently as a criminal organisation, or functioning with unofficial approval from state authorities.
The report said Microsoft tracked the suspected hacking group and alerted Jaguar Land Rover to information regarding the attackers' identities. It added that the investigation also involved the United States' Federal Bureau of Investigation, the UK's National Crime Agency, the National Cyber Security Centre, Google's Mandiant cybersecurity unit, and Palo Alto Networks.
Investigators also found that the Russian group was not the only actor to gain access to parts of Jaguar Land Rover's network. According to the report, a Jordanian hacker using the online alias "Rey" separately breached some of the company's systems.