Boeing claimed by LockBit ransom gang


The Boeing Company, a leading global aerospace firm, commercial jetliner manufacturer, and US military and defense contractor, has been claimed as a victim by the LockBit ransomware gang.

The Russian-linked ransomware group posted Boeing as its latest conquest Friday around 2 p.m. ET on its dark leak site.

“We are assessing this claim,” a Boeing spokesperson told Cybernews in a brief statement Friday just after 4:40 p.m. ET.


LockBit says it has a tremendous amount of sensitive data that will be published if the company does not contact the group by a November 2nd deadline of 1:23 pm UTC – roughly six days from Friday.

“For now, we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline,” LockBit posted.

“All available data will be published!” the group stated.

LockBit leak site

LockBit has not provided the amount of data allegedly exfiltrated from Boeing but lists the company and its subsidiaries as worth 60 billion dollars. The company reportedly employs over 150,000 people.

The global aviation and space technology leader “develops, manufactures, sells, services, and supports commercial jetliners, military aircraft, satellites, missile defense, human space flight, and launch systems and services worldwide,” LockBit posted.

According to malware researchers vx-underground, who discussed the attack with the gang's leaders, LockBit claims it hasn't spoken to Boeing yet and refused to disclose what type of data might have been exfiltrated.


However, the attackers say they breached the company via a zero-day exploit, although no further details on the nature of the supposed vulnerability were disclosed.

Researchers also noticed that LockBit gave Boeing six days to begin negotiations, while victims are typically given ten days to reach out to the cybercriminals.

Interestingly, Boeing was delisted from the gang's blog sometime between October 30 and October 31. Delisting a company from the dark web blog can signify that the company has started negotiating with the cybercrooks or even agreed to submit to the demands of the criminals.

We have reached out to Boeing for clarification on the company's removal from the dark web blog.

Who is LockBit?

The LockBit group first appeared on the ransomware scene sometime in late 2019, according to industry insiders. Since then, the gang has climbed to the top of the food chain, topping many lists in terms of victimized organizations.

The threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.

The gang’s notorious ransomware variant LockBit 3.0 – also known as LockBit Black – is now in its third iteration and is considered the most evasive version of all previous strains, a US Department of Justice report said.

The variant also happens to share similarities with two other Russian-linked ransomware strains: BlackMatter and BlackCat (ALPHV/BlackCat), the DOJ said.

LockBit dark leak site

“Affiliates deploying LockBit 3.0 gain initial access to victim networks via remote desktop protocol (RDP) exploitation, drive-by compromise, phishing campaigns, abuse of valid accounts, and exploitation of public-facing applications,” the DOJ reports.

The group is also said to have received tens of millions of dollars in actual ransom payments collected in Bitcoin.

But it's not all as smooth as it seems. An August profile on the group by chief security analyst Jon DiMaggio of Analyst 1 says that LockBit is currently experiencing a slew of management problems.

DiMaggio said that the disarray has led to the gang NOT publishing stolen data as it promises in its threats to victims.

Instead, DiMaggio reports that from February through June of this year, LockBit was solely relying on empty threats and its infamous reputation to convince the victims to pay its ransom demands.

Updated on October 29 [12:30 PM GMT] with additional details about the supposed hack.

Updated on October 31 [01:05 PM GMT] with information about the company's removal from the gang's blog.



Comments

The Boss
1 year ago
Interesting