Boeing backups published on LockBit ransomware data leak site

The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.

Before the leak, LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files.

Backup data published

LockBit ransomware has leaked more than 43GB of files from Boeing after the company refused to pay a ransom.

Most of the data listed on the hacker group’s leak site are backups for various systems, the most recent of them with an October 22 timestamp.

The ransomware actor posted Boeing on their site on October 27 and gave the company a November 2nd deadline to contact them and engage in negotiations.

The hackers said at the time they had stolen “a tremendous amount of sensitive data” and were ready to publish it.

Boeing page on LockBit data leak site
Boeing page on LockBit data leak site
source: BleepingComputer

Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored.

When the company continued to be silent, the LockBit ransomware gang decided to show that they had a bargaining chip and threatened to publish “just around 4GB of sample data (most recent).”

The hackers also threatened that they would publish the databases “if we do not see a positive cooperation from Boeing.”

LockBit threatens Boeing with publishing data
LockBit ransomware threatens Boeing with leaking stolen files
source: FalconFeed

On November 10, LockBit released on their site all the data they had from Boeing. Among the files are configuration backups for IT management software, and logs for monitoring and auditing tools.

Backups from Citrix appliances are also listed, which sparked speculation about LockBit ransomware using the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which proof-of-concept exploit code was published on October 24.

While Boeing confirmed the cyberattack, the company did not provide any details about the incident or how the hackers breached its network.

LockBit is one of the most resilient ransomware-as-a-service (RaaS) operations, having been active for more than four years and making thousands of victims across various sectors.

Among the victims are Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland.

The U.S. government said in June that the gang extorted about $91 million since 2020 in close to 1,700 attacks against various organizations in the country.

However, the gang operates internationally. In August, the Spanish National Police warned of a phishing campaign that targeted architecture firms in the country to encrypt systems with LockBit’s locker malware.


Source link