Powered by MOMENTUMMEDIA
For breaking news and daily updates, subscribe to our newsletter

2025 major $2.5bn JLR cyber attack was conducted by Russian hackers

Last year’s major cyber attack on UK car manufacturing giant Jaguar Land Rover (JLR) was reportedly conducted by Russian hackers, according to sources close to the incident.

Thu, 02 Jul 2026
2025 major $2.5bn JLR cyber attack was conducted by Russian hackers

In September last year, JLR, owned by Tata Motors in India, revealed that it had suffered a cyber attack late in August, announcing that it had shut down its systems to prevent further damage.

“JLR has been impacted by a cyber incident. We took immediate action to mitigate its impact by proactively shutting down our systems,” Jaguar Land Rover said in an undated statement on its corporate website.

The company’s operations were stunted by the incident, leading to JLR needing a £1.5 billion bailout from the UK government.

 
 

While operations were able to be restored over time, the threat actor behind the incident was not formally identified.

However, in October last year, a Government Communications Headquarters (GCHQ) investigation led by the UK National Cyber Security Centre, with assistance from the National Crime Agency, has suggested that the Kremlin may have been guiding the threat actors with “an active line of inquiry”, a GCHQ spokesperson told The Telegraph.

“The investigation is ongoing, and we would caution against speculation. The government has persistently called out a range of actors for malicious cyber activities against the UK and will continue to do so.”

Now, as originally reported by The New York Times, sources close to the investigation have noted that the hackers behind the incident were Russian, however it was unconfirmed whether or not they were financially motivated private criminals, working for the Kremlin or somewhere in the middle.

The report also says that Microsoft had been tracking the Russian hacking group in an investigation alongside the FBI, the UK National Crime Agency (NCA) and National Cyber Security Centre, Palo ALto Networks and Google’s Mandiant, and notified JLR of the Russian group's identities.

However, the report also suggests that a Jordanian hacker going by the name ‘Rey’ also breached the JLR network.

While JLR has fully recovered operationally, it suffered major financial strain as a result of the cyber attack and the cost of US tariffs. The company’s pre-tax profit was just £14 million for 2025-26 fiscal year, down from £2.5 billion the year before.

According to the BBC, JLR was at one point suffering losses of roughly £50 million a week during its downtime.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.
Tags:

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.