LockBit claims “tremendous” Boeing breach, sets deadline for data leak

The Boeing logo in blue on the side of a building, shot with a telephoto lens.
(Image credit: Getty Images)

LockBit has claimed to have stolen a large amount of data from aerospace defense firm Boeing and threatened to release files if a ransom is not agreed.

The ransomware group issued a post on its dark web disclosure site on 28 October, claiming to have data ready to release on the deadline of 2 November at 13:25:39 UTC.

“A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do [sic] not contact within the deadline!” the group stated.

“For now we will not send lists or samples to protect the company BUT we will not keep it like that until the deadline.”

LockBit is known to use double extortion ransomware tactics, in which attackers not only encrypt the data of their victims but also exfiltrate and threaten to leak it as an additional incentive for them to pay a ransom.

Boeing is one of the largest defense contractors in the world and a household name in the aerospace and telecommunications sectors. The firm processes and storage vast quantities of highly sensitive data. 

If proprietary data or information pertaining to defense contracts was included in a breach, the company could suffer reputationally.

The malware and source code collective vx-underground said it had spoken to LockBit members, who claimed to have used a zero-day exploit to access the data. The group provided no further details on the attack chain or the nature of the data allegedly exfiltrated by LockBit

Boeing has yet to provide additional details on the claims from LockBit. 

"We are assessing this claim,” a spokesperson from Boeing told ITPro.

“Boeing appears to be in Lockbit-controlled airspace now. Its name has been added to the leak site, the clock is ticking down to zero, and Lockbit is dictating terms,” said Hüseyin Can Yuceel, researcher at Picus Security.

“The quality of the stolen documents may have a significant bearing on Boeing’s actions this week. Boeing may either choose to dismiss LockBit’s demands or try to negotiate before Thursday.”

LockBit has a track record of claiming attacks on victims who state they have detected no breach in their systems. 


Whitepaper cover with title over image of high rise buildings with red circular digital icons dotted around

(Image credit: Zscaler)

Learn about how the encrypted threat landscape has changed over time


In June 2022 the group stated it had stolen data from the cyber security firm Mandiant, a claim that the supposed victim refuted, and in November of that year a Thales investigation found no evidence of a supposed LockBit data breach.

But LockBit is also known for its persistent and aggressive stance, and its ransomware strain remains the most used worldwide. 

In January 2023, the group hacked Royal Mail and demanded a £65 million ransom. As talks failed to yield a payout, the group leaked 44GB of Royal Mail’s data including HR records and salary files, and lowered the ransom to £33 million.

The US Department of Justice (DoJ) has also put LockBit in its sights with a string of arrests, the latest having occurred with the charging of Russian national Ruslan Magomedovich Astamirov with conspiracy to damage computers for ransom and commit wire fraud.

A Cybersecurity and Infrastructure Security Agency (CISA) report on the group published in June 2023 found that 16% of all US government ransomware incidents in 2022 led back to LockBit.

Rory Bathgate
Features and Multimedia Editor

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.