- Almost 45 gigabytes of data reportedly stolen from Boeing was leaked by the Russia-affiliated group claiming responsibility for a ransomware attack against the aircraft company.
- The leaked file names denote Citrix logs, email backups, provisioning services, audits and security controls dated as recently as Oct. 22, according to a screenshot posted by researchers on X, the site formerly known as Twitter.
- “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from our systems,” a Boeing spokesperson said via email. “We continue to investigate the incident and will remain in contact with law enforcement, regulatory authorities, and potentially impacted parties, as appropriate. We remain confident this incident poses no threat to aircraft or flight safety,” the spokesperson said.
LockBit, the prolific ransomware group that initially claimed responsibility for the attack on Oct. 27, published the allegedly stolen files on Friday. Boeing first confirmed it was responding to a cyberattack impacting its parts and distribution business on Nov. 2.
The aerospace and defense company did not answer questions about the type and potential sensitivity of the files leaked or how the threat actor gained access to its systems.
Some parts of Boeing’s global services site remain down.
Boeing has yet to file a disclosure about the incident with the Securities and Exchange Commission.
LockBit and affiliates have claimed responsibility for multiple high-profile attacks of late, including a U.S. subsidiary of China’s largest bank last week and exploits of a critical vulnerability in Citrix devices.
The threat group is responsible for about 1,700 ransomware attacks against U.S. organizations and has received about $91 million in ransoms since early 2020, according to a joint cybersecurity advisory published in June by the Cybersecurity and Infrastructure Security and other cyber authorities.