lockbit attacks SpaceX

Date:

March 15, 2023

World map

Overview

Title

lockbit attacks SpaceX

Victim

SpaceX

Attacker

LockBit

Location

Hawthorne, USA

Hawthorne, California

Size of Attack

Unknown/TBD

First Reported

March 15, 2023

Last Updated

October 31, 2022

The LockBit ransomware gang is claiming to have exfiltrated data from SpaceX by infiltrating a third-party supplier. The group implies the attack originated at a third party called Maximum Industries that contracts with SpaceX for waterjet and laser cutting services.  

“LockBit claims it looted ‘3,000 drawings’ certified by SpaceX engineers. As proof, the gang’s website on the Dark Web has published a few of the stolen documents, including a drawing of what appears to be a Raptor V2 engine from the Elon Musk-led company,” reported PC Magazine.

LockBit posted SpaceX to the group’s leaks website with the threat to expose the sensitive data of a ransom demand is not met.

Takeaway: LockBit is one of the most prolific and dangerous ransomware groups operating today. It's infuriating that LockBit and other ransomware operators revel in the chaos and pain they cause, given that pain increases pressure on victims to pay the ransom demands. Victims' pain is the attackers' gain. And that pain will remain until we can eliminate the financial incentive for ransomware attacks.

Furthermore, LockBit raises concerns because it's a threat to both Windows and Linux systems. In fact, it's surprising there isn't more attention on the multiple ransomware operators who have expanded their capabilities to include Linux distributions. Groups like LockBit, IceFire, Black Basta and Cl0p all have Linux targeting capabilities. Thus, we could expect attacks in the near future to cause widespread disruptions across several key sectors. Most people are unaware that Linux runs about 80% of web servers, most every smartphone, supercomputers, and embedded and IoT devices used in manufacturing and energy.

Linux is favored for large network applications like data centers and drives most of the U.S. government and military networks, our financial systems, and the backbone of the internet. Despite this, we barely see mention of Linux advancements in the media. It's frustrating because anyone running critical Linux distributions should start preparing to defend these systems that, until recently, had rarely been attacked - let alone attacked with ransomware. Linux systems have very few security solution options available to adequately defend them, and virtually none that focus on stopping ransomware specifically. This issue has been overlooked and had the potential to cause a serious crisis - one ensures would make the Colonial Pipeline attack look like a blip - the consequences could be catastrophic.

Additionally, if you examine the variance in LockBit's targeting - with victims today including SpaceX and the L.A. Housing Authority - it's likely that LockBit has automated the early stages of their attacks by scanning for the kinds of vulnerabilities CISA just announced they will be alerting critical infrastructure providers about. The LockBit payload has advanced security tool evasion capabilities and dangerously fast encryption speeds. They continue to improve their attack platform by introducing new capabilities in new version releases, including more advanced anti-analysis features. These factors will all come together soon to potentially create the perfect ransomware storm, where multiple critical infrastructure providers are disrupted simultaneously.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

The LockBit ransomware gang is claiming to have exfiltrated data from SpaceX by infiltrating a third-party supplier...

Oh no!

This attack's description was not found, while we work on the detailed account of this attack we invite you to browse through other recent Rasomware Attacks in the table below.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.

LockBit attacks Leos Jeans
Date
November 15, 2023
Ransomware group
LockBit
Location

Butzbach, Germany

Butzbach, Germany

Industry
Retail Trade
Victim
Leos Jeans
LockBit attacks Leos Jeans
Date
November 15, 2023
Ransomware group
LockBit
Location

Butzbach, Germany

Butzbach, Germany

Industry
Retail Trade
Victim
Leos Jeans
BlackCat/ALPHV attacks 4set
Date
November 14, 2023
Ransomware group
ALPHV
Location

Bizkaia, Spain

Basco, Spain

Industry
Professional, Scientific & Technical Services
Victim
4set
BlackCat/ALPHV attacks 4set
Date
November 14, 2023
Ransomware group
ALPHV
Location

Bizkaia, Spain

Basco, Spain

Industry
Professional, Scientific & Technical Services
Victim
4set
Cuba attacks DiagnosTechs
Date
November 14, 2023
Ransomware group
Cuba
Location

Federal Way, USA

Washington, USA

Industry
Professional, Scientific & Technical Services
Victim
DiagnosTechs
Cuba attacks DiagnosTechs
Date
November 14, 2023
Ransomware group
Cuba
Location

Federal Way, USA

Washington, USA

Industry
Professional, Scientific & Technical Services
Victim
DiagnosTechs
NoEscape attacks Carespring Health Care Management
Date
November 14, 2023
Ransomware group
NoEscape
Location

Cincinnati, USA

Ohio, USA

Industry
Healthcare
Victim
Carespring Health Care Management
NoEscape attacks Carespring Health Care Management
Date
November 14, 2023
Ransomware group
NoEscape
Location

Cincinnati, USA

Ohio, USA

Industry
Healthcare
Victim
Carespring Health Care Management
BlackCat/ALPHV attacks Execuzen
Date
November 14, 2023
Ransomware group
ALPHV
Location

London, United Kingdom

London, United Kingdom

Industry
Professional, Scientific & Technical Services
Victim
Execuzen
BlackCat/ALPHV attacks Execuzen
Date
November 14, 2023
Ransomware group
ALPHV
Location

London, United Kingdom

London, United Kingdom

Industry
Professional, Scientific & Technical Services
Victim
Execuzen
LockBit attacks University of the Aegean
Date
November 13, 2023
Ransomware group
LockBit
Location

Mytilene, Greece

Mytilene, Greece

Industry
Education
Victim
University of the Aegean
LockBit attacks University of the Aegean
Date
November 13, 2023
Ransomware group
LockBit
Location

Mytilene, Greece

Mytilene, Greece

Industry
Education
Victim
University of the Aegean
LockBit attacks Hotel Ampere Paris
Date
November 12, 2023
Ransomware group
LockBit
Location

Paris, France

Paris, France

Industry
Accommodations & Food Services
Victim
Hotel Ampere Paris
LockBit attacks Hotel Ampere Paris
Date
November 12, 2023
Ransomware group
LockBit
Location

Paris, France

Paris, France

Industry
Accommodations & Food Services
Victim
Hotel Ampere Paris
LockBit attacks Carson Team
Date
November 12, 2023
Ransomware group
LockBit
Location

Portland, USA

Oregon, USA

Industry
Other
Victim
Carson Team
LockBit attacks Carson Team
Date
November 12, 2023
Ransomware group
LockBit
Location

Portland, USA

Oregon, USA

Industry
Other
Victim
Carson Team
Cuba attacks Port Adelaide FC
Date
November 12, 2023
Ransomware group
Cuba
Location

Alberton, Australia

South Australia, Australia

Industry
Arts, Entertainment & Recreation
Victim
Port Adelaide FC
Cuba attacks Port Adelaide FC
Date
November 12, 2023
Ransomware group
Cuba
Location

Alberton, Australia

South Australia, Australia

Industry
Arts, Entertainment & Recreation
Victim
Port Adelaide FC
LockBit attacks Floortex
Date
November 11, 2023
Ransomware group
LockBit
Location

Tewkesbury, United Kingdom

Gloucestershire, United Kingdom

Industry
Manufacturing
Victim
FloorTex
LockBit attacks Floortex
Date
November 11, 2023
Ransomware group
LockBit
Location

Tewkesbury, United Kingdom

Gloucestershire, United Kingdom

Industry
Manufacturing
Victim
FloorTex