The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that manufactures commercial planes and defense systems. Before the leak, LockBit hackers said Boeing ignored warnings that the data would become publicly available and threatened to publish a roughly 4GB sample of the latest files.
The aerospace giant had already confirmed the cyber attack on the 2nd of this month, after LockBit announced that it had breached the company’s network and stolen data.
The LockBit gang leaked more than 43 GB of Boeing files after the company refused to pay a ransom. Most of the data listed on the hacker group’s leak website are backups of multiple systems, the most recent of which has a timestamp of October 22.
The ransomware group posted Boeing on its website on October 27 and gave the company a deadline of November 2 to contact them and engage in negotiations. The hackers said at the time that they had stolen “a huge amount of sensitive data” and were ready to publish it.
Boeing disappeared from LockBit’s list of victims for a period, but was listed again last Tuesday, 7, when hackers announced that their warnings had been ignored.
When the company continued to remain silent, the ransomware gang decided to show they had an ace up their sleeve and threatened to publish “only about 4 GB of (most recent) sample data.” The hackers also threatened to publish the databases “if we don’t see positive cooperation from Boeing.”
Last Friday, the 10th, LockBit released all the data it had from Boeing on its website. Among the files are configuration backups for IT management software and logs for monitoring and auditing tools.
Citrix device backups are also listed, which has sparked speculation that LockBit ransomware used the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which proof-of-concept exploit code was published on October 24.
Although Boeing confirmed the cyberattack, the company did not provide details about the incident or how the hackers breached its network.
LockBit is one of the most resilient ransomware-as-a-service (RaaS) operations, having been active for more than four years and claiming thousands of victims across multiple industries. Victims include automotive giant Continental, the United Kingdom’s Royal Mail, the Italian IRS and the city of Oakland.
The U.S. government said in June that the gang has extorted about $91 million since 2020 in about 1,700 attacks against various organizations in the country. However, the gang operates internationally. In August, the Spanish National Police warned about a phishing campaign that targeted architecture companies in the country to encrypt systems with LockBit’s locker malware.
Check the original post at: CisoAdvisor