“A large amount of sensitive data has been filtered and is ready to be released if Boeing – a company worth $60 billion – does not pay the ransom before November 2,” the Lockbit hacker group announced on October 28. According to Reuters , Boeing did not meet the hacker’s request so the deadline was postponed to this week.
On the morning of November 11, data information confirmed by Lockbit as belonging to Boeing was spread throughout security forums. “The hacker group did not lie, the download links were opened within 30 minutes. More than 50 GB of data stolen from within Boeing has been published. Including information related to Citrix backups , Ivanti, security control backup, email…”, said security incident analysis site Hackhunting . The largest backup found was “boeing.com.7z”, 21.6 GB in size, related to Boeing’s main domain and database details.
A 21.6 GB data file believed to belong to Boeing was made public by hacker group Lockbit on November 11. Source: Malware Hunter Team
Reuters said that most of the data just published by the hacker group was extracted in October. However, the accuracy and impact of the data have not yet been verified.
Meanwhile, Boeing confirmed that “departments” in the company’s sales and components distribution groups have encountered cybersecurity incidents. “We know that ransomware criminals have disclosed information believed to be taken from the company’s system. Parties are likely to be affected if this information is true,” Reuters quoted Boeing’s announcement.
The company said it “remains confident” the incident is not a threat to the aircraft or the safety of flights. However, Boeing declined to comment on whether the Lockbit hacker group obtained defense or other sensitive data.
The attack severely affected the company’s parts distribution business. The Boeing website used to sell aircraft parts, software and services has been down since last week. Customers visiting Boeing’s official website only see a helmet with the company logo, along with a message saying the system is down due to a network failure.
Boeing’s sales website announced a shutdown due to a network problem. Screenshots
According to information from cybersecurity company Trend Micro, Lockbit first appeared on Russian-language cybercrime forums in January 2020. This group then targeted many large organizations in the US, India and Brazil. Security experts evaluate Lockbit as “one of the most professionally organized gangs in the criminal underworld”. According to the US Cybersecurity and Infrastructure Security Agency (CISA), this group has attacked 1,700 organizations in the US.
On November 10, the American branch of the Public Bank of China was attacked with ransomware , causing transaction operations to be interrupted. Reuters quoted analysts as saying that Lockbit may be the organization behind the attack.
Khuong Nha (According to Reuters, Hackhunting )
EN 
VI
Leave a Reply
You must be logged in to post a comment.