Tag Archive for: boeing

Ransomware Gang Leaks 43GB Of Boeing Data After Demand To Pay Up Doesn’t Fly

/in


boeing has files leaked by lockbit ransomware gang

The Lockbit ransomware group has breached a number of high-profile organizations and companies, such as TSMC in Taiwan, which is effectively the global leader in silicon production. Most recently, though, the international aeronautic and telecommunications company Boeing seemingly fell victim to the group, and subsequently failed to pay ransom. As such, Lockbit has since published the data, which totals 43GBs.

Toward the end of October, the Lockbit group posted that they had compromised Boeing and made off with a significant amount of sensitive data. The deadline to complete negotiations was November 2nd before the group would leak said data. At first, it seemed that Boeing was engaging with the threat actors after the listing was pulled down. However, Boeing was relisted on November 7th, and six days later, the data was published.

lockbit boeing has files leaked by lockbit ransomware gang

The data, which is now available through Lockbit’s website, includes what appears to be primarily backup files from a handful of different systems, such as Citrix Xen Desktop, Ivanti Service Management, and others. We have not gone through what is available, but this sort of information provides threat actors invaluable insights into the inner workings of Boeing’s network. With that, other threat actors might have an easier time getting into Boeing, especially if any new relevant vulnerabilities crop up in the future.

files boeing has files leaked by lockbit ransomware gang

At the end of the day, this is only one breach in a long list of breaches, especially from LockBit, as these sorts of threat actors work to outpace efforts to prevent the attacks. In this case, though, we hope the Boeing breach will serve as a good reminder to the company and others to stay on top of cybersecurity, to prevent future attacks due to leaked internal infrastructure knowledge. We will have to see, so stay tuned to HotHardware for coverage of Boeing’s breach and other cybersecurity events.

Source…

Ransomware attack on Boeing leads to major data leak by LockBit

/in


LockBit, a notorious ransomware group, has reportedly released all data stolen from Boeing in a recent ransomware attack. This follows Boeing’s apparent refusal to meet the ransomware group’s demands. The leaked data, amounting to approximately 50GB, was made public early Friday, consisting of compressed archives and backup files related to various systems.

Nature of the stolen data

Prior to this full release, LockBit had uploaded files allegedly linked to Boeing’s financial and marketing activities, as well as supplier details. The exposed data also includes Citrix logs, raising speculation that the ransomware group exploited the Citrix Bleed vulnerability to infiltrate Boeing’s systems. Boeing, however, has not confirmed the initial entry point used in the attack.

Independent verification of the data dump’s authenticity is pending, as reported by The Register. Boeing has remained tight-lipped about the specifics of the stolen files. In a statement, a Boeing spokesperson acknowledged a cybersecurity incident affecting the parts and distribution business. They emphasized ongoing investigations in collaboration with law enforcement and regulatory authorities, asserting that the incident poses no threat to aircraft or flight safety.

Security researcher Dominic Alvieri noted that the files include corporate emails, which could be particularly useful for malicious actors. “I haven’t gone over the whole data set but Boeing emails and a few others stand out as useful for those with malicious intent,” Alvieri told The Register.

Timeline of the cyberattack

LockBit first listed Boeing on its dark-web site on Oct. 28. Boeing confirmed an IT intrusion affecting its parts and distribution business to The Register on Nov. 2. Initially, Boeing was removed from LockBit’s leaks site amid purported negotiations, but it appears these discussions either failed or didn’t occur, leading to Boeing’s reappearance on the LockBit extortion website.

In a related development, China’s largest bank, ICBC, also fell victim to ransomware attacks this week, disrupting its financial services. LockBit claimed responsibility for this attack as well.

Source…

Boeing claimed by LockBit ransom gang

/in


Leading global aerospace, commercial jetliner manufacturer, and US military and defense contractor The Boeing Company is being claimed by the LockBit ransomware gang.

The Russian-linked ransomware group posted Boeing as its latest conquest Friday around 2 p.m. ET on its dark leak site.


“We are assessing this claim,” a Boeing
spokesperson told Cybernews in a brief statement Friday just after 4:40 p.m. ET.

LockBit says it has a tremendous amount of sensitive data that will be published if the company does not contact the group by a November 2nd deadline of 1:23 pm UTC – roughly six days from Friday.

“For now, we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline,” LockBit posted.

“All available data will be published!” the group stated.

Boeing Lockbit 2
LockBit leak site


LockBit has not provided the amount of data allegedly exfiltrated from Boeing but lists the company and its subsidiaries as worth 60 billion dollars. The company reportedly employs over 150,000 people.

The global aviation and space technology leader “develops, manufactures, sells, services, and supports commercial jetliners, military aircraft, satellites, missile defense, human space flight, and launch systems and services worldwide,” LockBit posted.

According to malware researchers vx-underground, who discussed the attack with the gangs’ leaders, Lockbit claims they haven’t spoken to Boeing yet and refused to disclose what type of data might have been exfiltrated.

However, attackers say they breached the company via a zero-day exploit, although no further details on the nature of the supposed vulnerability were disclosed.

Researchers also noticed that Lockbit gave Boeing six days to begin negotiation, while typically victim’s are given ten day to reach out to cybercriminals.

Interestingly, Boeing was delisted from the gang’s blog sometime between October 30 and October 31. Delisting a company from the dark web blog can signify that the company has started negotiating with the cybercrooks or even agreed to submit to the demands of the criminals.

We have reached out to Boeing for clarification on the company’s removal from the dark web blog.

Source…

Boeing investigating ransomware threat

/in