The Boeing Company, a jetliner manufacturer and US defense contractor, had the company’s data leaked by the LockBit ransomware gang. So far, around 50 gigabytes of compressed data was uploaded LockBit's dark web blog.
LockBit has allegedly started leaking data that the gang stole from Boeing in late October. The Cybernews research team noted there's around of 50 GB of supposedly Boeing's data. Bulk of the data appears to be various backups.
Organizations backup various data, mostly to be able resuming operations in the event of a data incident. File names of the allegedly leaked Boeing backups indicate they were made recently.
Earlier this week, attackers leaked the first batch of information which included a trove of sensitive company data, such as engine part suppliers and technical operators, as well as Boeing’s financial and marketing data.
We have reached out to Boeing for confirmation of the data’s authenticity. However, at the time Boeing responded saying the company is "aware of a cyber incident impacting elements of our parts and distribution business."
"This issue does not affect flight safety. We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers," Boeing told Cybernews.
The attackers published the data on their dark web blog, with an added note saying that Boeing had ignored the gang’s warnings. Typically, such a warning is an indication that the company refuses to succumb to the gang’s ransom demands.
According to the Cybernews research team, the first batch of leaked data seems to be a part of an extortion campaign to force Boeing to pay the ransom.
“The first batch of released data is quite generic. However, companies often keep such information for inside use only: like training material with internal systems for employees, supplier distribution information, parts of older strategy data, reports, etc., that seems to be sensitive, but not critical,” researchers said.
What Boeing data was leaked?
The leaked data sample appears to include several gigabytes of stolen data, ranging from training materials to a list of the company’s technical suppliers.
For example, the data allegedly includes the names, locations, and phone numbers of Boeing’s suppliers and distributors across Europe and North America.
The supplier’s info reveals what they support within the company’s structure, including airframe manufacturing, structural mechanics, computer and electronics, etc. The data also includes customers and who supplies them.
However, at least some of the information seems to be from no later than 2019.
The leaked materials also include the company’s strategic documents from 2018, detailing Boeing’s forecast for the need for pilots until 2027. Market research data from 2018 includes hundreds of different suppliers and contractors.
The company’s financial details include sales, rebates, cost of poor quality (COPQ) reports, pricing with net cost, and list price data for 2020.
Other details include information in folders named “Hazardous Waste,” “Rotorcraft,” and “Business Cases,” as well as files with Boeing’s internal training materials, specifying how to connect to specific systems and who should have access to them.
Who attacked Boeing?
Boeing was uploaded to LockBit’s leak site on October 27th, with the company telling Cybernews that it was assessing the claim at the time. Last week, Boeing confirmed cyberattack has impacted the company.
The LockBit group first appeared on the ransomware scene sometime in late 2019. Since then, the gang has climbed to the top of the food chain, topping many lists in terms of victimized organizations.
The threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.
The gang’s notorious ransomware variant LockBit 3.0 – also known as LockBit Black – is now in its third iteration and is considered the most evasive version of all previous strains, a US Department of Justice report said.
The group is also said to have received tens of millions of dollars in actual ransom payments collected in Bitcoin.
More from Cybernews:
Subscribe to our newsletter