In a post on its leak site, prolific ransomware threat group LockBit claims that it breached Boeing and says that it will start releasing sensitive data it purportedly stole from the company’s systems if ransom demands aren’t met by Nov. 2.
“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do (sic) not contact within deadline!” the LockBit post shared by cybersecurity analyst Dominic Alvieri read. “For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”
The post included a countdown clock to the deadline.
A Boeing spokesperson told Dark Reading, “We are assessing this claim.”
LockBit boasted it accessed Boeing’s systems with a zero-day vulnerability.
If this turns out to be true, James Dyer, threat intelligence lead at Egress, predicts a long recovery road ahead for the sprawling multinational aviation and aerospace organization.
“This incident is not only worrying because of its immediate threat but also in terms of the fallout,” Dyer said in a statement. “Ultimately, the company and customers could now be at greater risk from increased phishing attacks using credentials compromised in the other initial attack — otherwise known as business email compromise (BEC).”
LockBit has been the most active ransomware threat group over the past year, according to Black Kite’s head of research, Ferhat Dikbiyik, but he added in a statement that the group doesn’t traditionally target organizations as large as Boeing.
“LockBit appears to be proceeding cautiously by not immediately publishing any sample data,” he noted.
This seems to be a departure from previous operations. Last August, LockBit breached a UK defense contractor, Zaun Ltd., and leaked sensitive data on the physical security surrounding several agencies in the UK Ministry of Defence.