The operators of the LockBit ransomware published 43 GB of Boeing data after failing to negotiate ransom terms with the company.
The data appears to be backups of various corporate systems and includes configuration backups for IT management software and logs for monitoring and auditing tools.
As reported by BleepingComputerLockBit first added Boeing to its data breach site on October 27, urging the company to reach out and negotiate a ransom payment by November 7.
Ignored warnings
“A massive amount of sensitive data has been exfiltrated and ready to be published if Boeing does not contact within the deadline,” the hackers’ warning said. “For now, we will not send any lists or samples to protect the company, BUT we will not keep it that way until the deadline.”
Shortly afterwards, Boeing disappeared from the LockBit site, which could mean that the company was trying to reach an agreement with the attackers. However, on November 7, Boeing’s name was back. LockBit said the warnings were ignored:
“Boeing ignored our warnings. We will begin publishing data,” the updated announcement reads. “In the first batch we will publish approximately 4 GB of sample data (most recent).” That data was timestamped as October 22, the publication explained.
Three days later the entire database was leaked. Approximately 43 GB of sensitive information, including backups of Citrix devices. This led some people to speculate that LockBit infiltrated Boeing by exploiting the CitrixBleed vulnerability, which was discovered about a month ago and was observed being exploited in the wild.
Cybersecurity researchers at Mandiant recently reported that several government agencies, legal organizations, and other companies around the world were targeted by ransomware through CitrixBleed. The campaigns are said to have started at the end of August this year.
Boeing confirmed the breach, but did not elaborate.