Boeing investigating leaked data after LockBit allegedly publishes stolen info

Airplane maker Boeing said it is investigating data leaked by a prominent Russia-based ransomware gang that was allegedly stolen from the company.

Two weeks ago, the aviation manufacturing giant confirmed that its parts and distribution business was affected by a cyberattack.

On Friday, the LockBit ransomware gang published 50GB of information it allegedly stole from the company after days of adding and removing the company from its leak site. The gang made several unverified claims that it was negotiating a ransom with Boeing before talks fell through.

In a statement to Recorded Future News on Monday, Boeing said it would notify anyone whose information may have been leaked.

“Elements of Boeing’s parts and distribution business recently experienced a cybersecurity incident. We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” a spokesperson said.

“We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety.”

Data shared by LockBit actors indicates the group may have exploited CVE-2023-4966 — a recently disclosed vulnerability known colloquially as “Citrix Bleed” — in its attack on Boeing.

Several cybersecurity experts praised Boeing for not buckling and paying the ransom.

“Refusing to pay a ransom is the right thing to do. If everyone followed Boeing’s path, ransomware ROI would become an uneconomical vector, and eventually cease to exist,” said Coro co-founder Dror Liwer.

LockBit continues to cause untold damage to organizations across the world, far outpacing any other ransomware gang in terms of attacks launched. Last week, the Querétaro Intercontinental Airport confirmed it was dealing with a cyberattack the same LockBit ransomware hackers claimed to have targeted the airport.

The gang surpassed 2,000 attacks in recent months putting it more than 1,000 attacks ahead of the next closest group according to statistics from Recorded Future.