UK chancellor Rachel Reeves is blaming Moscow for Britain’s latest cyber woes, an attribution that seems about as solid as wet cardboard given the trail of evidence pointing to attackers much closer to home.

In an interview with ITV on Monday, Reeves suggested Moscow’s fingerprints were on recent cyber incidents affecting major UK firms. The comments appeared to allude to the recent hacks on Marks & Spencer, Co-op, Harrods, and Jaguar Land Rover, though the chancellor stopped short of naming any specific cases.

Regardless, she insisted the threat facing UK businesses was “coming from hostile states, states like Russia,” and claimed “a number of these attacks originate in Russia by Russian-backed entities”, without providing evidence to support the allegation.

Days prior to the interview, the UK’s National Crime Agency announced that it had cuffed four suspects over the Marks & Spencer breach: three Brits and a Latvian. Investigators allege the quartet belong to Scattered Spider, an English-speaking social engineering crew that has plagued companies on both sides of the Atlantic. The NCA claimed it had also linked the four suspects to the recent attacks on Co-op and Harrods.

Meanwhile, researchers believe that the group, rather than being run by Kremlin-sponsored operators, consists mainly of young miscreants from the UK and US, adept at SIM-swapping, phishing, and sweet-talking call center staff.

The same group has also been linked to the recent Jaguar Land Rover cyberattack that shuttered factories across the UK and overseas for weeks, costing millions in lost production.

Authorities, meanwhile, have characterized Scattered Spider as a criminal gang, not a state-sponsored unit – unless the Kremlin has suddenly started hiring Mancunians and Californians to do its dirty work. Reeves’ claim sits awkwardly alongside both the NCA’s own arrests and years of analysis. To date, no credible researcher has described them as a Russian front.

ITV even followed up Reeves’ interview with a piece headlined “Was the chancellor right to accuse Russia of being behind recent UK cyber attacks?” – a question it seemed to have already answered.

While not linked to the recent cyberattacks on UK businesses, it’s unlikely Russia has been twiddling its thumbs. Moscow has a history of conducting disruptive cyber operations in the UK, from the 2018 GRU hack-and-leak incident to its ongoing attempts at espionage and influence operations.

Whitehall no doubt sees classified intelligence suggesting Russia’s fingerprints on some recent incidents, but lumping in the recent retailer hacks with state-backed campaigns risks muddying the waters and undermining confidence in government messaging.

Reeves’ comments may prove to be little more than a political flourish and a reminder to voters that Russia remains a hostile state. But unless the government produces evidence tying Moscow to the recent retail and automotive meltdowns, the record shows a different culprit: a ragtag bunch of English-speaking miscreants who think nothing of locking down a multinational while sitting in their bedrooms.

For businesses trying to understand the threats they face, that distinction matters. ®