LockBit releases Boeing's stolen files

Leaked files apparently include financial info

LockBit releases Boeing's stolen files

Russian-linked cyber gang LockBit claims to have leaked all the data is stole from Boeing earlier this year, after the aerospace giant refused to pay the ransom.

The group released the files just before the weekend, including about 50GB of compressed archives and backup files.

Previously, LockBit had teased the release with files they claimed were related to Boeing's finances, marketing activities and suppliers.

https://twitter.com/malwrhunterteam/status/1722914117994885515?ref\\_src=twsrc%5Etfw

Screenshots show stolen Citrix logs, highlighting the possibility that LockBit exploited the NetScaler vulnerability known as CitrixBleed. This is the same flaw speculated to have been an entry point in the recent attack on China's ICBC, the world's largest bank.

Boeing told The Register:

"Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety."

LockBit first claimed to have stolen data from Boeing in late October, allegedly breaching the company through a zero-day exploit. The gang gave Boeing just six days for negotiations, with a deadline of 2nd November - a surprisingly short window.

It appears that LockBit and Boeing did start talking - the cybercrime group removed Boeing from its leak site, at least - but these appear to have fallen through.

LockBit has a history of hitting big, high-profile targets. Last year it managed to breach Windows Exchange Server, and this year has been linked to attacks on Royal Mail and ION Trading.

Computing says:

Boeing took the right stance here in refusing to pay the ransom. Doing so simply funds future criminal activity, and there is no guarantee that the threat actors - who, after all, are criminals - won't turn around and release the stolen data anyway. That happened to Dolly.com, a US-based moving platform, just this weekend, proving that there's no honour among thieves.

That said, evidence does point to Boeing at least talking to LockBit. Whether negotiations failed, or Boeing decided the data wasn't worth what was being demanded, we can unfortunately never know.