The LockBit ransomware gang has carried out a major data breach against Boeing, one of the leading aerospace companies globally. After Boeing refused to pay the ransom, LockBit leaked over 43GB of sensitive files, including backups for various systems with a timestamp as recent as October 22.
Furthermore, the cybercriminals had warned Boeing, indicating that the data would be made public, but when the warnings were ignored, LockBit followed through on its threat, publishing the stolen data, which includes configuration backups for IT management software and logs for monitoring and auditing tools.
The situation unfolded with LockBit initially posting Boeing on their site on October 27, setting a November 2 deadline for negotiations. Despite disappearing from LockBit’s victim list briefly, Boeing reappeared on November 7, leading to the release of the data on November 10.
Notably, the leaked files include backups from Citrix appliances, fueling speculation about the potential use of the recently disclosed Citrix Bleed vulnerability. While Boeing acknowledged the cyberattack, specific details about the breach and the hackers’ entry into the network remain undisclosed.
LockBit has a notorious reputation as a resilient ransomware-as-a-service (RaaS) operation, active for over four years, with a widespread impact across various sectors. Some of its previous victims include Continental, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland. The U.S. government reported in June that the gang had extorted approximately $91 million since 2020 through close to 1,700 attacks on various organizations in the country. LockBit’s international reach was further emphasized in August when the Spanish National Police warned of a phishing campaign targeting architecture firms, using LockBit’s locker malware to encrypt systems.