Boeing investigating leaked data after LockBit allegedly publishes stolen info

Omega Balla
Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.

Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.

Two weeks ago, the aviation manufacturing giant confirmed that its parts and distribution business was affected by a cyberattack.

On Friday, the LockBit ransomware gang published 50GB of information it allegedly stole from the company after days of adding and removing the company from its leak site. The gang made several unverified claims that it was negotiating a ransom with Boeing before talks fell through.

In a statement to Recorded Future News on Monday, Boeing said it would notify anyone whose information may have been leaked.

“Elements of Boeing’s parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” a spokesperson said.

“We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety.”

Data shared by LockBit actors indicates the group may have exploited CVE-2023-4966 — a recently disclosed vulnerability known colloquially as “Citrix Bleed” — in its attack on Boeing.

Several cybersecurity experts praised Boeing for not buckling and paying the ransom.

“Refusing to pay a ransom is the right thing to do. If everyone followed Boeing’s path, ransomware ROI would become an uneconomical vector, and eventually cease to exist,” said Coro co-founder Dror Liwer.

LockBit continues to cause untold damage to organizations across the world, far outpacing any other ransomware gang in terms of attacks launched. Last week, the Querétaro Intercontinental Airport confirmed it was dealing with a cyberattack the same LockBit ransomware hackers claimed to have targeted the airport.

The gang surpassed 2,000 attacks in recent months putting it more than 1,000 attacks ahead of the next closest group according to statistics from Recorded Future.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Ransomware attack on Ohio city impacts multiple services

Next Post

FBI takes down IPStorm malware botnet as hacker behind it pleads guilty

Related Posts

Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries

Cybersecurity researchers have disclosed details of a previously undocumented threat group called Unfading Sea Haze that's believed to have been active since 2018. The intrusion singled out high-level organizations in South China Sea countries, particularly military and government targets, Bitdefender said in a report shared with The Hacker News. "The investigation revealed a troubling
Read More