A Russia-linked hacking gang has leaked sensitive files stolen from major US defense contractor Boeing, just a day after the group was blamed for a cyber attack on banks that disrupted US government bond markets.
LockBit, a ransomware gang that extorts its victims by encrypting their systems and releasing their data unless paid, published the stolen Boeing files on its dark web site early Friday.
The group was also involved in a cyber attack on Thursday on the US financial services division of the Industrial and Commercial Bank of China (ICBC), the world’s largest bank by assets.
The breach hampered ICBC’s ability to settle U.S. Treasury bond transactions, forcing the bank to send couriers with USB drives around Manhattan to complete the deals and causing a stunning disruption to the U.S. financial system, Bloomberg reported.
“We have seen back-to-back attacks against a huge defense contractor and a huge financial institution. It is concerning,” Brett Callow, a threat analyst at cybersecurity firm Emsisoft, told DailyMail.com.
“Sooner or later an attack will affect something completely critical and cause a serious meltdown,” he added.
Boeing is the third largest defense contractor in the world.
LockBit is a so-called ‘double extortion’ gang that not only encrypts user data, but threatens to release it if its ransom demands, which could run into the millions, are not met. It often works with smaller partners who gain initial access to victim systems.
The group is made up of Russian speakers and the US Department of Justice has charged several Russian nationals in connection with the gang, which dubiously claims to be a multinational criminal enterprise based in the Netherlands.
LockBit ransomware has been detected around the world, with victims including Britain’s Royal Mail, French luxury goods company Nuxe and Japan’s main cargo port Nagoya.
Last year, cybersecurity firm Trend Micro called the group “one of the most professional organized criminal gangs in the criminal underground” in a report.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), the group has victimized approximately 1,700 US organizations.
LockBit first claimed responsibility for the Boeing breach in October, saying it had obtained “an enormous amount” of sensitive data from the aerospace giant and would release it if Boeing did not pay a ransom by November 2.
The group appears to have followed through on its threat by releasing a batch of stolen files on Friday, although the authenticity of the data could not immediately be verified.
“Elements of Boeing’s parts and distribution operations recently experienced a cybersecurity incident,” a Boeing spokesperson told DailyMail.com on Friday.
“We are aware that in connection with this incident, a criminal ransomware actor has released information that he claims to have extracted from our systems,” he added.
“We continue to investigate the incident and will liaise with law enforcement agencies, regulators and potentially affected parties as appropriate. We remain confident that this incident does not pose a threat to aircraft or flight safety,” the spokesperson said.
Unusually, LockBit has not publicly claimed responsibility for the ICBC breach, although several cybersecurity researchers and experts said the attack bore the hallmarks of the group.
ICBC, a Chinese state-owned bank, did not immediately respond to a request for comment from DailyMail.com on Friday afternoon.
Russia-linked hacker gangs typically operate with the tacit approval of the Kremlin, as long as they do not target victims in Russia or its allies.
In the past, Chinese state-affiliated organizations have rarely been targeted by such gangs, although LockBit claimed responsibility for the attack on the Hong Kong branch of China’s state-run newspaper China Daily in March.
Callow, the Emsisoft threat analyst, said LockBit’s latest high-profile targets raised concerns that hackers could soon penetrate critical targets in the US.
“The Colonial Pipeline incident – which cut off fuel supplies to the entire East Coast – is a prime example of what could happen,” he said, referring to the May 2021 cyberattack that cut off fuel supplies to the US East Coast for six days.
“The hackers may not even realize how much disruption the attack will cause,” he added.
After the Colonial Pipeline breach, a confidential federal assessment found that if the pipeline had remained closed for three to five more days, buses and other public transportation would have had to curtail their operations to save diesel fuel, according to the New York Times.
The report from the Departments of Energy and Homeland Security also found that chemical plants and refineries had been forced to close because they had no way to distribute their products.