Russian hackers were behind the JLR cyberattack that cost the UK economy $2.5 billion

TL;DRRussian hackers carried out the JLR cyberattack that halted production for six weeks and cost the UK $2.5B, the NYT reports.

Russian hackers were behind last year’s devastating cyberattack on Jaguar Land Rover, according to a New York Times investigation published Thursday. The breach, which began on 31 August 2025, shut down production across JLR’s factories for nearly six weeks and cost the British economy an estimated two and a half billion dollars, making it the most financially damaging cyberattack in UK history. Investigators have not determined whether the hackers were working directly for Vladimir Putin’s government, were independent criminals, or were operating with the government’s tacit approval.

Microsoft was tracking the Russian hacking group and alerted JLR to their identities, according to the Times. The FBI, Britain’s National Crime Agency, the National Cyber Security Centre, Google’s Mandiant unit, and Palo Alto Networks all contributed to the investigation, an unusually broad coalition that reflects the severity of the breach.

The attack originated with a vishing campaign weeks before the breach went public, in which attackers posing as internal staff tricked JLR employees into handing over login credentials. Armed with valid usernames and passwords, in some cases with administrator privileges, the hackers entered through normal authentication flows and moved laterally across JLR’s IT networks. Production lines ceased on 1 September, and staff were told to stay home.