Russia is now facing allegations of involvement in the cyber-attack on Jaguar Land Rover that reportedly left the UK with a £1.9billion bill.
The British carmaker was hit by hackers last year, in an incident that followed similar cyber incidents affecting Marks and Spencer and Co-op, while MPs continue to press the government for greater transparency over the investigation.
Although a hacking group, said to include some UK-based members, quickly claimed responsibility, investigators now believe a Russian-linked collective may have been responsible for the costly breach.
Cyber-response experts in the private sector, along with law enforcement officials in Britain and the US, say the attackers’ methods and apparent motives do not match those of the group first suspected, the New York Times reports.
Authorities are understood to have been examining possible Russian involvement since at least October, but are said to have only recently reached the view that the attackers came from Russia.
It remains unclear whether the operation was directed or approved by the Kremlin, or whether the hackers were acting independently.
Investigators also discovered that Microsoft had been tracking the Russian group and had informed Jaguar Land Rover (JLR) about who had broken into its systems.
Specialists working on the inquiry said they had not previously encountered the specific ransomware used in the JLR attack, which featured an encryption algorithm one expert described as “mind-blowing”.
Russia has been accused of being behind the Jaguar Land Rover cyber-attack that cost the UK £1.9billion (Stock Photo)
Vladimir Putin pictured on Friday. It is not yet clear whether the move was sanctioned by the Kremlin or whether the hackers acted alone
Britain’s National Crime Agency and National Cyber Security Centre, as well as the FBI, Palo Alto Networks and Google’s Mandiant unit, all convened to assist the car giant in its investigation in the wake of the attack.
The methods used were judged to be different to those deployed by the Harrods and M&S hackers – suspected to be organised by the group Scattered Spider – earlier last year.
Factory workers at JLR’s UK plants were told to remain at home in the days after the attack.
It not only triggered a production shutdown but also saw its dealer network struggle to register new models at one of its busiest times of the year.
Parts suppliers raised concerns about the impact on their businesses, which is said to have forced some into ‘panic and recovery mode’ while JLR continued to try to contain the issue.
The car firm said: ‘We want to thank all our customers, partners, suppliers and colleagues for their patience and support.
‘We are very sorry for the disruption this incident has caused. Our retail partners remain open and we will continue to provide further updates.’
JLR dealers were locked out of online systems – but were able to register new models, though via a more arduous process.
ALSO READ: All About Sawyer Hemsley: Who is He: Age, Spouse, Wealth, Family and Beliefs
It came at a salient period of the calendar year, with the new ’75’ plate launched that month, which typically attracts more showroom visits and model sales than at any time of the year.
Thousands of existing owners were also believed to have been affected, with garages unable to provide repairs as the IT shutdown had an impact on JLR’s parts supply chain.
The government, in turn, provided the company with a guarantee on a $2billion (£1.5bn) loan that it could use to support suppliers.
Russia is the biggest perpetrator of cybercrime in the world and its intelligence services have often deployed hackers to conduct attacks, according to western security agencies.
It comes after the UK imposed sanctions on Russian hacking syndicate Evil Corp, which had been operating out of Moscow.
Tensions between Britain and the Kremlin have been heightening lately, with a Russian warship firing at a British couple on a yacht in the English Channel this month.
Holidaymakers Jane Kelvey, 68, and her husband Alan, 70, were sailing Bright Future from Lymington to Cherbourg-en-Cotentin, when they spotted the Russian vessel looming 500 metres away from them, on Tuesday morning.
As they sailed closer, the retired couple said they heard five blasts on the horn from the Russian frigate Admiral Grigorovich.
Russia’s defence ministry has since accused the yacht’s captain of ‘following a dangerous course’, adding that it had come a mere 150m (492ft) away from the vessel.
But the British couple hit back, claiming they were ‘blameless’ for the events that unfolded on the high seas.
The couple have since revealed further details about the concerning incident, including that the warship did not show up on their Automatic Identification System (AIS), there was no flag identifying its nationality – and at no point did the crew attempt to radio them.
Their ordeal came as G7 leaders, including Prime Minister Sir Keir Starmer, met in Évian-les-Bains, France, for talks including Russia’s war in Ukraine.
RFN Admiral Grigorovich, one of Vladimir Putin’s Black Sea fleet ships, had been operating near British waters for some weeks.
Staff are seen assembling Range Rover Evoque SUVs on the production line at Jaguar Land Rover’s Halewood factory in Liverpool in December 2022 – the plant was closed after the hack
It was observed escorting shadow oil tankers and loitering near a wind farm off the Suffolk coast.
Two Royal Navy River-class offshore patrol vessels, HMS Mersey and HMS Tyne, had followed the ship through the Channel before the incident unfolded.
Data from MarineTraffic shows Bright Future, a 39ft-long and 10ft-wide vessel, sailed from the southern coastal town of Lymington at around 4am on June 16.
It then snaked past the Isle of Wight and across the English Channel before its run-in with the Russian warship.
Following the incident, it docked in the small city of Cherbourg-en-Cotentin, on France’s northern coast, at around 5.15pm on the same day.
The Daily Mail has approached JLR for comment.
