LockBit hackers publish 43GB of stolen Boeing data following cyber attack

Ransomware group LockBit has published 43GB of data stolen from Boeing after the aerospace giant refused to give in to ransom demands following a cyber attack late last month. Most of the data listed on the hacker group’s leak site are backups for various systems. LockBit published the data about a week after Boeing confirmed it had fallen victim to a cyber attack.

Boeing stated that the incident did not impact flight safety but failed to provide any details about the incident or how the hackers breached its network. It said it was collaborating with law enforcement and regulatory agencies as part of an ongoing investigation.

LockBit claims to have stolen “tremendous amount of sensitive data”

LockBit first posted about Boeing on their site on October 27, claiming to have stolen a “tremendous amount of sensitive data” which it said it was ready to publish. The group gave Boeing a November 2 deadline to contact them and engage in negotiations, before revealing 4GB of sample data to signify the seriousness of its intentions amid the firm’s ongoing silence. On November 10, LockBit released all the data they had from Boeing. Among the files are configuration backups for IT management software and logs for monitoring and auditing tools, reported Bleeping Computer.

Backups from Citrix appliances are included in the published data, sparking speculation that LockBit used the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966) to carry out the attack.

LockBit has extorted US$91 million since 2020

LockBit is a ransomware-as-a-service (RaaS) operator that has been active for more than four years with thousands of victims across various sectors to its name. In June, the US Government revealed that the group has extorted around $91 million since 2020. “The LockBit RaaS and its affiliates have negatively impacted organizations, both large and small, across the world. In 2022, LockBit was the most active global ransomware group and RaaS provider in terms of the number of victims claimed on their data leak site,” read a cybersecurity advisory from the US Cybersecurity and Infrastructure Security Agency (CISA).

Sign up to Cyber Security Hub’s upcoming webinar All Access: Malware and Ransomware