LockBit releases Boeing's stolen files

Leaked files apparently include financial info

Tom Allen
clock • 2 min read
LockBit releases Boeing's stolen files

Russian-linked cyber gang LockBit claims to have leaked all the data is stole from Boeing earlier this year, after the aerospace giant refused to pay the ransom.

The group released the files just before the weekend, including about 50GB of compressed archives and backup files.

Previously, LockBit had teased the release with files they claimed were related to Boeing's finances, marketing activities and suppliers.

Screenshots show stolen Citrix logs, highlighting the possibility that LockBit exploited the NetScaler vulnerability known as CitrixBleed. This is the same flaw speculated to have been an entry point in the recent attack on China's ICBC, the world's largest bank.

Boeing told The Register:

"Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems. We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety."

LockBit first claimed to have stolen data from Boeing in late October, allegedly breaching the company through a zero-day exploit. The gang gave Boeing just six days for negotiations, with a deadline of 2nd November - a surprisingly short window.

It appears that LockBit and Boeing did start talking - the cybercrime group removed Boeing from its leak site, at least - but these appear to have fallen through.

LockBit has a history of hitting big, high-profile targets. Last year it managed to breach Windows Exchange Server, and this year has been linked to attacks on Royal Mail and ION Trading.


Computing says:

Boeing took the right stance here in refusing to pay the ransom. Doing so simply funds future criminal activity, and there is no guarantee that the threat actors - who, after all, are criminals - won't turn around and release the stolen data anyway. That happened to Dolly.com, a US-based moving platform, just this weekend, proving that there's no honour among thieves.

That said, evidence does point to Boeing at least talking to LockBit. Whether negotiations failed, or Boeing decided the data wasn't worth what was being demanded, we can unfortunately never know.

You may also like
Fortinet confirms data breach

Hacking

Assures customers of limited impact

clock 16 September 2024 • 2 min read
Ransomware targets London branch of China's ICBC

Hacking

We don't yet know whether the bank has paid the ransom

clock 13 September 2024 • 2 min read
Teen arrested over TfL cyberattack

Hacking

And TfL finally confirms customer data was compromised

clock 13 September 2024 • 3 min read
Most read
01

Fortinet confirms data breach

16 September 2024 • 2 min read
02

Ransomware targets London branch of China's ICBC

13 September 2024 • 2 min read
03

Teen arrested over TfL cyberattack

13 September 2024 • 3 min read
04

Sign up to our newsletter

The best news, stories, features and photos from the day in one perfectly formed email.

More on Security

Microsoft offers advice on avoiding another CrowdStrike-style outage

Microsoft offers advice on avoiding another CrowdStrike-style outage

Vendors should minimise use of kernel mode, customers should make full use of integrated Windows security features

John Leonard
clock 29 July 2024 • 3 min read
'Gay furry hackers' breach conservative US think tank behind Project 2025

'Gay furry hackers' breach conservative US think tank behind Project 2025

Heritage Foundation calls group "degenerate perverts"

Tom Allen
clock 11 July 2024 • 2 min read
Why 'change' for the UK must include cybersecurity

Why 'change' for the UK must include cybersecurity

Labour needs to to get ahead and demonstrate a commitment to security from the outset

Rick Jones
clock 11 July 2024 • 4 min read