Boeing investigating ransomware group's claim of stolen sensitive information
In October 2023, the LockBit ransomware group successfully compromised sensitive data in a reported attack on Boeing, leaking over 43GB of stolen data after the company refused to pay the ransom [2]. This attack exploited a critical vulnerability known as Citrix Bleed in Citrix software, specifically affecting Boeing’s parts and distribution business [2].
Following the breach, U.S. cybersecurity agencies such as CISA and the FBI issued advisories urging organizations to patch the vulnerability due to its widespread exploitation [2]. As of August 2025, there is no new public information indicating additional LockBit compromise events on Boeing beyond the October 2023 incident.
According to the CISA advisory from June, LockBit was the most active global ransomware group and ransomware as a service provider in terms of the number of victims claimed on their data leak site in 2022 [1]. The group, known to be Russia-affiliated, has attacked over 1,700 victim organizations in the U.S. [1]. CISA also reported that LockBit made at least $91 million in ransom demands since its appearance in January 2020 [1].
The Boeing spokesperson stated that they are assessing the LockBit ransomware claim [2]. The ransomware group set a Nov. 2 deadline for Boeing to make contact [2]. However, Boeing did not confirm the ransomware attack [2]. The FBI and Cybersecurity and Infrastructure Security Agency did not respond to inquiries regarding the Boeing ransomware attack [2].
The LockBit ransomware attack on Boeing has raised concerns about a potential compromise of highly sensitive data. Separate ransomware attacks, such as those by the Play group on Boeing suppliers, continue to represent security risks in the aerospace sector [3][4]. This highlights persistent and significant ransomware threats against aerospace and defense firms with critical supply chains and sensitive data [2][4][5].
References:
[1] CISA. (2022). Alert (AA22-136A): LockBit Ransomware Group Active and Destructive. Retrieved from https://www.cisa.gov/uscert/ncas/alerts/aa22-136a
[2] Krebs, B. (2023). Boeing Hit by Ransomware, Data Stolen. Retrieved from https://krebsonsecurity.com/2023/10/boeing-hit-by-ransomware-data-stolen/
[3] ZDNet. (2025). Boeing supplier Jamco Aerospace hit by Play ransomware. Retrieved from https://www.zdnet.com/article/boeing-supplier-jamco-aerospace-hit-by-play-ransomware/
[4] Cybersecurity Dashboard. (2025). Aerospace and Defense Sector. Retrieved from https://www.cybersecuritydashboard.com/sectors/aerospace-and-defense
[5] McAfee. (2023). LockBit Ransomware Group: Understanding the Threat and How to Protect Your Organization. Retrieved from https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lockbit-ransomware-group-understanding-the-threat-and-how-to-protect-your-organization/
Technology advancements have made it easier for ransomware groups like LockBit to exploit critical vulnerabilities, as seen in the Boeing incident, where the group successfully infiltrated Boeing's network using Citrix Bleed, underscoring the importance of robust cybersecurity measures. Despite the widespread ransomware threats against aerospace and defense firms, such as the LockBit group that made at least $91 million in demands since its emergence in 2020, it's crucial for organizations to stay vigilant and prioritize their cybersecurity to protect sensitive data.
