Russia is suspected of orchestrating a major cyber attack that forced Jaguar Land Rover (JLR) to halt production for over a month, impacting factories in the UK, Brazil, India, and Slovakia, and affecting around 200,000 jobs in the supply chain.

The attack, discovered on August 31, compromised approximately 800 computer systems across JLR's factories and is believed to have been directed by a foreign state, with investigations focusing on possible Kremlin involvement.

The cyber assault was highly targeted, possibly planned over a year, with extensive data breaches and leaks of employee and customer information on the dark web throughout 2024, indicating a sophisticated, state-orchestrated operation.

UK security agencies, including MI5, the National Cyber Security Centre, and the National Crime Agency, are investigating whether the attack was orchestrated by a hostile state or organized crime, with suspected links to Russia, China, or Iran.

Recent cyber threats from Russia have targeted UK companies like Marks and Spencer, Harrods, and Co-Op, as well as European infrastructure, raising concerns over Russian interference and cyber warfare.

In response to the disruption, the UK government issued a £1.5 billion loan guarantee and a £2 billion credit line to support JLR's recovery and protect over 200,000 jobs in the supply chain.

The attack coincided with JLR's efforts to replace its digital systems, and a hacker known as 'Rey', linked to the Hellcat group, claimed responsibility, revealing ongoing targeted attacks.

Production at JLR is gradually resuming across multiple facilities, with renewed momentum among staff to rebuild operations after the month-long shutdown.

The cyber attack led to a 17% decline in JLR's global sales from July to September, with UK sales dropping nearly a third, though recovery efforts are underway.

The investigation continues as authorities examine whether the Kremlin directed the attack and assess broader implications for cybersecurity and industrial resilience.

Deep Specter Research suggests the attack was not random but a deliberate, well-resourced operation involving extensive data breaches, with similar leaks at Tata Consultancy Services in 2024.

The incident underscores growing concerns over cyber threats from Russia and other hostile states targeting UK industries to disrupt the economy and undermine critical infrastructure.