Executive Summary
The LockBit ransomware gang recently leaked gigabytes of data stolen from Boeing, a major aerospace company. Prior to the leak, the hackers had warned Boeing about the impending data release and threatened to publish a sample of the most recent files. Despite these warnings, Boeing did not respond, prompting the hackers to release over 43GB of files, including backups for various systems.
The leaked data includes information such as training materials, a list of technical suppliers, and strategic documents. It also contains financial details, market research data, and internal training materials. The leaked materials provide insights into Boeing’s supplier network, customers, and internal operations. It is worth noting that some of the information appears to be from 2019 or earlier.
Boeing confirmed the cyberattack but did not disclose specific details about the incident or the breach of its network.
The LockBit ransomware gang is known for its resilience and has targeted various organisations across sectors. The gang has extorted significant sums of money and has been responsible for numerous cyberattacks worldwide.
What Happened
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defence systems.
Before the leak, LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files. The ransomware actor posted Boeing on their site on October 27 and gave the company a November 2nd deadline to contact them and engage in negotiations.
Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored.
When the company continued to be silent, the LockBit ransomware gang decided to show that they had a bargaining chip and threatened to publish “just around 4GB of sample data (most recent).” The hackers also threatened that they would publish the databases “if we do not see a positive cooperation from Boeing.”
On November 10, LockBit released on their site 43GB data they had from Boeing.
While Boeing confirmed the cyberattack, the company did not provide any details about the incident or how the hackers breached its network.
We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,
We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate.
Boeing said.
Please refer to our recent news article for information about this incident. We will continue to monitor this developing story and provide you with updates.
The Data Leaked
LockBit ransomware has leaked more than 43GB of files from Boeing. Most of the data listed on the hacker group’s leak site are backups for various systems, the most recent of them with an October 22 timestamp.
The leaked data sample ranges from training materials to a list of the company’s technical suppliers.
The data allegedly includes the names, locations, and phone numbers of Boeing’s suppliers and distributors across Europe and North America.
The supplier’s info reveals what they support within the company’s structure, including airframe manufacturing, structural mechanics, computer and electronics, etc. The data also includes customers and who supplies them.
The leaked materials also include the company’s strategic documents from 2018, detailing Boeing’s forecast for the need for pilots until 2027. Market research data from 2018 includes hundreds of different suppliers and contractors. The company’s financial details include sales, rebates, cost of poor quality (COPQ) reports, pricing with net cost, and list price data for 2020.
Other details include information in folders named “Hazardous Waste,” “Rotorcraft,” and “Business Cases,” as well as files with Boeing’s internal training materials, specifying how to connect to specific systems and who should have access to them.
According to the Cybernews research team, the first batch of leaked data seems to be a part of an extortion campaign to force Boeing to pay the ransom.
The first batch of released data is quite generic. However, companies often keep such information for inside use only: like training material with internal systems for employees, supplier distribution information, parts of older strategy data, reports, etc., that seems to be sensitive, but not critical,
researchers said.
- Visa Restriction Policy: Combating Misuse of Commercial Spyware
- [CVSS 9+] Critical WordPress Backup Plugin Vulnerability
- Air Europa Customer Credit Card Breach
- Maine’s MOVEit Breach: 1.3M Individuals Affected in the US
- [CVSS 9+] F5 Warns of Critical BIG-IP Vulnerability
- Massive Data Leak in Brazil: 223 Million Victims