LockBit releases Boeing's stolen files

Leaked files apparently include financial info

Tom Allen
clock • 2 min read
LockBit releases Boeing's stolen files

Russian-linked cyber gang LockBit claims to have leaked all the data is stole from Boeing earlier this year, after the aerospace giant refused to pay the ransom.

The group released the files just before the weekend, including about 50GB of compressed archives and backup files.

Previously, LockBit had teased the release with files they claimed were related to Boeing's finances, marketing activities and suppliers.

Screenshots show stolen Citrix logs, highlighting the possibility that LockBit exploited the NetScaler vulnerability known as CitrixBleed. This is the same flaw speculated to have been an entry point in the recent attack on China's ICBC, the world's largest bank.

Boeing told The Register:

"Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety."

LockBit first claimed to have stolen data from Boeing in late October, allegedly breaching the company through a zero-day exploit. The gang gave Boeing just six days for negotiations, with a deadline of 2nd November - a surprisingly short window.

It appears that LockBit and Boeing did start talking - the cybercrime group removed Boeing from its leak site, at least - but these appear to have fallen through.

LockBit has a history of hitting big, high-profile targets. Last year it managed to breach Windows Exchange Server, and this year has been linked to attacks on Royal Mail and ION Trading.

Computing says:

Boeing took the right stance here in refusing to pay the ransom. Doing so simply funds future criminal activity, and there is no guarantee that the threat actors - who, after all, are criminals - won't turn around and release the stolen data anyway. That happened to Dolly.com, a US-based moving platform, just this weekend, proving that there's no honour among thieves.

That said, evidence does point to Boeing at least talking to LockBit. Whether negotiations failed, or Boeing decided the data wasn't worth what was being demanded, we can unfortunately never know.

You may also like
Police service faces £750k fine for data breach

Threats and Risks

ICO reduces PSNI fine from £5.6 million

clock 24 May 2024 • 2 min read
UK considering mandatory reporting for ransomware attacks

Threats and Risks

Plan also includes a complete ban on ransom payments from organisations running critical infrastructure

clock 23 May 2024 • 4 min read
Microsoft Build 2024: Five things to know about Copilot+ PCs

Artificial Intelligence

“We’re going to have a big refresh moment,” says Microsoft VP Mark Linton

clock 22 May 2024 • 7 min read

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Asian Tech Roundup: Pressure grows in US-China trade war

Asian Tech Roundup: Pressure grows in US-China trade war

Plus: Google 'accidentally' deletes pension fund's cloud account

Tom Allen
clock 17 May 2024 • 4 min read
Maritime security: 'Hacking a ship is just like hacking a Tesla but bigger'

Maritime security: 'Hacking a ship is just like hacking a Tesla but bigger'

Cyberattacks on shipping up 400-500% in five years, Lloyds List Intelligence

John Leonard
clock 16 May 2024 • 4 min read
Tories self-refer to ICO over data breach

Tories self-refer to ICO over data breach

Revealed hundreds of personal email addresses by forgetting to BCC

Tom Allen
clock 15 May 2024 • 2 min read