The Wall Street Journal
By
Dominic Chopping
Follow
Updated Sept. 29, 2025 6:39 am ET
Jaguar Land Rover discovered a cyberattack late last month, forcing the company to shut down its computer systems and halt production.
Jaguar Land Rover will restart some sections of its manufacturing operations in the coming days, as it begins its recovery from a cyberattack that has crippled production for around a month.
“As the controlled, phased restart of our operations continues, we are taking further steps towards our recovery and the return to manufacture of our world‑class vehicles,” the company said in a statement Monday.
The news comes a day after the U.K. government stepped in to provide financial support for the company, underwriting a 1.5 billion-pound ($2.01 billion) loan guarantee in a bid to support the company’s cash reserves and help it pay suppliers.
The loan will be provided by a commercial bank and is backed by the government’s export credit agency. It will be paid back over five years.
“Jaguar Land Rover is an iconic British company which employs tens of thousands of people,” U.K. Treasury Chief Rachel Reeves said in a statement Sunday.
“Today we are protecting thousands of those jobs with up to 1.5 billion pounds in additional private finance, helping them support their supply chain and protect a vital part of the British car industry,” she added.
The U.K. automaker, owned by India’s Tata Motors, discovered a cyberattack late last month, forcing the company to shut down its computer systems and halt production.
The company behind Land Rover, Jaguar and Range Rover models, has been forced to repeatedly extend the production shutdown over the past few weeks as it races to restart systems safely with the help of cybersecurity experts flown in from around the globe, the U.K.’s National Cyber Security Centre and law enforcement.
Last week, the company began a gradual restart of its operations, bringing some IT systems back online. It has informed suppliers and retail partners that sections of its digital network is back up and running, and processing capacity for invoicing has been increased as it works to quickly clear the backlog of payments to suppliers.
JLR has U.K. plants in Solihull and Wolverhampton in the West Midlands, in addition to Halewood in Merseyside. It is one of the U.K.’s largest exporters and a major employer, employing 34,000 directly in its U.K. operations. It also operates the largest supply chain in the U.K. automotive sector, much of it made up of small- and medium-sized enterprises, and employing around 120,000 people, according to the government.
Labor unions had warned that thousands of jobs in the JLR supply chain were at risk due to the disruption and had urged the government to step in with a furlough plan to support them.
U.K. trade union Unite, which represents thousands of workers employed at JLR and throughout its supply chain, said the government’s loan guarantee is an important first step.
“The money provided must now be used to ensure job guarantees and to also protect skills and pay in JLR and its supply chain,” Unite general secretary Sharon Graham said in a statement.
wsj.com By
Robert McMillan
Sept. 15, 2025 7:00 am ET
Botnets, massive networks of hacked devices, are being used for dangerous attacks, one of which recently set a world record
The Federal Bureau of Investigation recently disrupted a network of hacked devices used by criminals in some of the largest online attacks yet seen. Now those devices have been hacked by someone new to build an even bigger weapon.
Law-enforcement agencies and technology companies are waging a war against increasingly powerful networks of hacked devices, called botnets, that can knock websites offline for a fee. They are used for extortion and by disreputable companies to knock rivals offline, federal prosecutors say.
But lately, a new age of dangerous botnets has arrived, and existing internet infrastructure isn’t prepared, some network operators say. These botnets are leveraging new types of internet-connected devices with faster processors and more network bandwidth, offering them immense power.
The criminals controlling the botnets now have the capabilities to move beyond website takedowns to target internet connectivity and disrupt very large swaths of the internet.
“Before the concern was websites; now the concern is countries,” said Craig Labovitz, head of technology with Nokia’s Deepfield division.
In August, federal prosecutors charged a 22-year-old Oregon man with operating a botnet that had shut down the X social-media site earlier this year.
But the FBI’s takedown last month appeared to have an unwanted consequence: freeing up as many as 95,000 devices to be taken over by new botnet overlords. That led to a free-for-all to take over the machines “as fast as possible,” said Damian Menscher, a Google engineer.
The operators of a rival botnet, called Aisuru, seized control of more than one-fourth of them and immediately started launching attacks that are “breaking records,” he said.
On Sept. 1, the network services company Cloudflare said it had measured an attack that clogged up computer networks with 11.5 trillion bits of junk information per second. That is enough to consume the download bandwidth of more than 50,000 consumer internet connections. In a post to X, Cloudflare declared this attack, known as a distributed denial of service, or DDoS, a “world record” in terms of intensity. Some analysts see it almost as an advertisement of the botnet’s capabilities.
It was one of several dozen attacks of a similar size that network operators have witnessed over the past weeks. The attacks were very short in duration—often lasting just seconds—and may be demonstrations of the Aisuru capabilities, likely representing just a fraction of their total available bandwidth, according to Nokia.
With the world’s increasing dependence on computer networks, denial-of-service attacks have become weapons of war. Russia’s intelligence service, the GRU, used DDoS attacks on Ukraine’s financial-services industry as a way to cause disruption ahead of its 2022 invasion, U.K. authorities have said.
Botnets such as Aisuru are made up of a range of internet-connected devices—routers or security cameras, for example—rather than PCs, and often these machines can only join one botnet at a time. Their attacks can typically be fended off by the largest cloud-computing providers.
One massive network that Google disrupted earlier this year had mushroomed from at least 74,000 Android devices in 2023 to more than 10 million devices in two years. That made it the “largest known botnet of internet-connected TV devices,” according to a July Google court filing.
This network was being used to click billions of Google advertisements in an ad fraud scheme, Google said, but the massive network “could be used to commit more dangerous cybercrimes, such as ransomware” or denial-of-service attacks, the Google filing said.
To date, denial-of-service attacks are spawned from networks like Aisuru that typically include tens of thousands of computers, not millions, making them easier to defend against.
In the past year, a very large botnet that has typically been used for fraud began launching online attacks. Called ResHydra, it is made up of tens of millions of devices, according to Nokia.
Res Hydra represents a whole new level of problem, said Chris Formosa, a researcher with the networking company Lumen’s Black Lotus Labs. Harnessing a botnet of that size would “do extreme damage to a country.”
