Ransomware gang LockBit allegedly leaked a batch of sensitive data from Boeing after the US aircraft manufacturer “ignored” its warnings, a report from tech media outlet Cybernews said.
On October 27, 2023, LockBit claimed that it had stolen “a tremendous amount” of sensitive data from Boeing and would leak it online if Boeing failed to pay a ransom by November 2, 2023.
Boeing acknowledged the attack on November 1, 2023, saying that while it was aware of a cyber incident impacting elements of its parts and distribution business, the issue does not affect flight safety.
On November 6, 2023, cybernews published a screenshot taken from LockBit’s dark web site, showing “timer stopped” in its headline.
LockBit’s site showed that its timer stopped on November 2, 2023 at 16:20 UTC, the ransom deadline it had allegedly given Boeing.
“Boeing ignored our warnings. We start to publish data. In first batch we will publish just around 4GB of sample data. In a few days, we will publish around half terabyte of databases if we do not see a positive cooperation from the company,” LockBit stated.
Between October 30-31, 2023, Boeing was removed from LockBit’s hack threat list, leading to speculation that the aircraft manufacturer had entered into negotiations with the ransomware group.
What data from Boeing was leaked?
From what could be seen on LockBit’s site, leaked information ranged from training materials to a list of the company’s technical suppliers.
Cybernews claimed the data allegedly included the names, locations, and phone numbers of Boeing’s suppliers and distributors across Europe and North America.
The leaked data also allegedly included Boeing’s financial details including sales, rebates, cost of poor quality (COPQ) reports, pricing with net cost, and list price data for 2020.
There were also folders named ‘Hazardous Waste’, ‘Rotorcraft’, and ‘Business Cases’, as well as files with Boeing’s internal training materials, with instructions about how to connect to specific systems and who should have access to them.
Boeing told cybernews that it is “actively investigating the incident and coordinating with law enforcement and regulatory authorities.”
The Virginia-based manufacturer also said that it is notifying its customers and suppliers.
Who/what is LockBit?
LockBit is a cybercriminal group that uses double extortion tactics where they not only encrypt the victim’s data but also threaten to leak it if their demands are not met.
According to Canadian security service eSentire, LockBit operators are Russian-speaking and its affiliates are “one of the most prolific, destructive and lucrative ransomware groups in operation today”.
The FBI estimated that between January 2020 and June 2023, the LockBit gang launched 1,700 attacks against US organizations, many in critical infrastructure sectors. The group was found to have collected in total approximately $91 million.