LockBit Takes Responsibility for Boeing Attack
Boeing Released a Statement
The passenger jet giant reportedly refused to pay the ransom demand, prompting the gang to dump the files online. This latest leak includes approximately 50GB of data in the form of compressed archives and backup files for various systems.
Previously, the extortionists had uploaded some files related to company finances, marketing activities, and supplier details. However, the latest release encompasses a much larger volume of data.
Screenshots of the stolen information revealed several Citrix logs, leading to speculation that LockBit exploited Citrix Bleed to gain unauthorized access to Boeing's systems. The aerospace company has refrained from commenting on the initial point of entry into its systems.
In response to inquiries, a spokesperson sent a prepared statement via email out to media:
"Elements of Boeing's parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems.
We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety."
According to security researcher Dominic Alvieri, the leaked files also include corporate emails. Alvieri noted that while he had not analyzed the entire data set, the Boeing emails and a few others stood out as potentially useful for malicious actors.
LockBit had first listed Boeing on its dark-web site on October 28. On November 2, Boeing confirmed to The Register that it had suffered a cybersecurity breach.
This incident highlights the growing threat of ransomware attacks targeting large corporations. The LockBit crew's actions serve as a warning to companies across various industries. It reinforces the importance of robust cybersecurity measures and the need for organizations to prioritize the protection of sensitive data.
Boeing continues to work closely with law enforcement agencies, regulatory authorities, and potential affected parties to mitigate the impact of the breach. The investigation into the incident remains ongoing as the aerospace company aims to identify the full extent of the data breach and take appropriate action.
As the cybersecurity landscape evolves, it is crucial for companies to stay vigilant and proactive in safeguarding their systems and information. The fallout from this breach serves as a stark reminder of the potential consequences of failing to effectively protect valuable data.