LockBit, a well-known ransomware group, has allegedly published all the information stolen from Boeing following a recent ransomware attack. This comes after Boeing’s apparent decision not to comply with the ransomware group’s demands. The leaked data, which amounts to approximately 50GB, was made public early Friday. It consists of compressed archives and backup files related to various systems.
Nature of the stolen data
Prior to this full release, LockBit had already uploaded files supposedly linked to Boeing’s financial and marketing activities, as well as supplier details. The exposed data also includes Citrix logs, fueling speculation that the ransomware group exploited the Citrix Bleed vulnerability to invade Boeing’s systems. However, Boeing has not confirmed the initial point of entry used in the attack.
The Register reported that there is no independent verification of the data dump’s authenticity yet. Boeing has chosen to remain silent about the specifics of the stolen files. In a statement, a Boeing spokesperson acknowledged a cybersecurity incident affecting the parts and distribution business. They highlighted ongoing investigations in collaboration with law enforcement and regulatory authorities, asserting that the incident poses no threat to aircraft or flight safety.
According to security researcher Dominic Alvieri, the files contain corporate emails, which could be particularly valuable for malicious actors. “I haven’t gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent,” Alvieri told The Register.
Timeline of the cyberattack
LockBit first listed Boeing on its dark-web site on Oct. 28. Boeing confirmed an IT intrusion affecting its parts and distribution business to The Register on Nov. 2. Initially, Boeing was removed from LockBit’s leaks site amid purported negotiations, but it appears these discussions either failed or didn’t occur, leading to Boeing’s reappearance on the LockBit extortion website.
In a related development, China’s largest bank, ICBC, also fell victim to ransomware attacks this week, disrupting its financial services. LockBit claimed responsibility for this attack as well.
