The cyberattack that took place in the autumn of 2025 and paralysed operations at the British car manufacturer Jaguar Land Rover was likely carried out by Russian cyber groups. This is the conclusion reached by investigators in the UK and the US, according to The New York Times.
The attack began on 31 August 2025. Within a matter of hours, the attackers had penetrated the company’s critical systems, forcing management to take the emergency decision to shut down the network completely. Production came to a standstill for almost six weeks. Jaguar Land Rover’s direct losses are estimated at $350 million, whilst the total damage to the British economy exceeded $2.5 billion.
What is particularly alarming is what was missing from this story. No one demanded a ransom. No one haggled. Initially, a dubious ‘collective’ of Western hackers claimed responsibility, but investigators quickly established that this was smokescreen. The actual perpetrators operated with a level of skill and audacity that goes far beyond that of ordinary cybercrime. They employed ‘impressive’ encryption, deep penetration into the infrastructure and a clear understanding of how to inflict maximum economic damage.
Initially, a group calling itself Scattered Lapsus$ Hunters claimed responsibility for the hack. However, the investigation revealed that Russian hackers were behind the attack. According to sources close to the investigation, the operation was highly complex and was not carried out with the aim of obtaining a ransom.
There is as yet no confirmed evidence of direct involvement by Russian state bodies, although investigators have not ruled out the possibility that the hackers acted with the Kremlin’s tacit consent or on its instructions.
Neither the company nor the authorities have yet officially commented on the findings of the investigation.