A breach of a third party vendor appears to have provided the LockBit ransomware gang with 3,000 sensitive SpaceX engineering schematics, which the criminals are threatening to take to auction if the company does not pay up.
SpaceX has previously had internal documents stolen by a ransomware gang, about three years ago. In that case a third party vendor was also breached, though it was the DoppelPaymer ransom group that was behind the extortion. The difference in this case is that the LockBit ransomware gang has accelerated directly to threatening SpaceX itself rather than the less well-funded contractor, but it appears that in both cases payment is going to be refused.
Third party vendor was in the manufacturing sector
It is still not completely clear what the extent of the information that was stolen is, something that is worrying given SpaceX’s status as a defense contractor. The samples that the LockBit ransomware group posted only indicate that they have schematics for SpaceX’s most recent rockets.
LockBit ransomware has been one of the most active strains as of late, and third party vendors are quite often a target of opportunity. Most of the victims of this ransomware are small businesses, and only about 20% fall into the “large enterprise” category. The group has also almost tripled its monthly victim count since January.
LockBit ransomware gang touts SpaceX engineering drawings
The breach appears to be legitimate; aside from the samples of engineering drawings, SpaceX has confirmed that third party vendor Maximum Industries was breached. The company is a laser cutting services provider for major manufacturers and is located fairly close to SpaceX’s rocket production facilities in Texas. The LockBit ransomware gang also posted a non-disclosure agreement signed by the two companies as proof.
At minimum, the breach of the third party vendor could mean that rival firms would gain some competitive ground on SpaceX if they were to obtain the stolen documents. There could be even greater complications if documents related to national defense projects are in the mix. Political knives have been out for Elon Musk since his takeover of Twitter, as an assemblage of mostly Democrat party members have expressed their displeasure at how he handles the platform’s business and aligns himself politically.
The Lockbit ransomware gang had promised to leak more documents if SpaceX did not respond within five days, but that deadline appears to have passed without any further developments. It is not clear if that means SpaceX entered into communications with the hackers, or if they have simply backed off of their threats for now. There has yet to be any sign of attempts to sell the documents on the dark web. The prior third party vendor compromise by DopplePaymer did end in a leak of SpaceX documents (along with some from Lockheed Martin and Boeing), after about a month of threats; however, that ransomware group was menacing the contractor directly rather than SpaceX.