LockBit ransomware, a cybercriminal group that offers its malware as a service to other hackers, has leaked more than 43GB of files from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.

Before the leak, LockBit hackers said that Boeing ignored warnings that data would become publicly available and threatened to publish a sample of about 4GB of the most recent files.

Backup data published

The hackers claimed to have stolen “a tremendous amount of sensitive data” from Boeing in a cyberattack that occurred on October 27, 2023. They posted Boeing on their site, where they list their victims and demand ransom payments, and gave the company a November 2nd deadline to contact them and engage in negotiations.

However, Boeing did not respond to the hackers’ demands or provide any details about the incident or how the hackers breached its network. Boeing only confirmed that it was aware of a “cybersecurity incident” and that it was “working to resolve the situation as quickly and safely as possible” .

Boeing disappeared from LockBit’s list of victims for a period but was listed again on November 7, when the hackers announced that their warnings had been ignored. They threatened to publish “just around 4GB of sample data (most recent)” and said that they would release the entire databases “if we do not see a positive cooperation from Boeing” .

On November 10, LockBit released on their site all the data they had from Boeing. Among the files are configuration backups for IT management software, and logs for monitoring and auditing tools. Backups from Citrix appliances are also listed, which sparked speculation about LockBit ransomware using the recently disclosed Citrix Bleed vulnerability (CVE-2023-4966), for which proof-of-concept exploit code was published on October 24 .

LockBit is one of the most resilient ransomware-as-a-service (RaaS) operations, having been active for more than four years and making thousands of victims across various sectors. Among the victims are Continental automotive giant, the UK Royal Mail, the Italian Internal Revenue Service, and the City of Oakland.

The U.S. government said in June that the gang extorted about $91 million since 2020 in close to 1,700 attacks against various organizations in the country. However, the gang operates internationally. In August, the Spanish National Police warned of a phishing campaign that targeted architecture firms in the country to encrypt systems with LockBit’s locker malware .