{ "id": "66ae615a-6d29-46e7-aa17-115f2b9810c3", "created_at": "2026-04-06T00:22:18.617394Z", "updated_at": "2026-04-10T03:29:40.093416Z", "deleted_at": null, "sha1_hash": "65ac1daf484f1616acb0b1ca132e55d02897b897", "title": "LockBit brags: We'll leak thousands of SpaceX blueprints stolen from supplier", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 46081, "plain_text": "LockBit brags: We'll leak thousands of SpaceX blueprints stolen\r\nfrom supplier\r\nBy Jessica Lyons\r\nPublished: 2023-03-13 · Archived: 2026-04-02 11:38:34 UTC\r\nRansomware gang Lockbit has boasted it broke into Maximum Industries, which makes parts for SpaceX, and\r\nstole 3,000 proprietary schematics developed by Elon Musk's rocketeers.\r\nThe prolific cybercrime crew also mocked the SpaceX supremo, and threatened to leak or sell on the blueprints\r\nfrom March 20 if the gang's demands to pay up aren't met. This may therefore be a bill Musk can't avoid to\r\nreconcile, unlike others, reportedly.\r\n\"I would say we were lucky if SpaceX contractors were more talkative. But I think this material will find its buyer\r\nas soon as possible,\" Lockbit posted on its dark-web homepage, according to a screenshot shared on Twitter by\r\nsecurity analyst Dominic Alvieri.\r\nWe take that broken English to mean Maximum Industries may not be willing to cough up so far, yet the gang\r\nbelieves it may be paid either way: the ransom demand is provided to ensure any stolen files remain unpublished,\r\nor someone else will purchase a copy of the data anyway. What's interesting is that the schematics by themselves\r\nmay not be that useful: you still have to manufacture the parts, which is non-trivial, and then use them without\r\nsetting off suspicion.\r\nA leak would still be embarrassing, and might attract unwanted attention from the US government – for the crooks\r\nand the businesses involved, given the reliance on SpaceX to launch stuff for Uncle Sam.\r\n\"Elon Musk, we will help you sell your drawing to other manufacturers — build the ship faster and fly away,\" the\r\ngang continued. It also claimed the 3,000 drawings had been \"certified\" by SpaceX engineers, but we can't\r\nconfirm if anyone outside of the ransomware gang has verified the purloined dataset is what it's claimed to be.\r\nNeither SpaceX nor Maximum Industries responded to The Register's calls and emails seeking comment on the\r\nreported security breach.\r\nThese SpaceX claims follow several others by LockBit-affiliated criminals, which aren't always the most honest\r\nbunch about what — if anything — they've stolen.\r\nLast month, the same group of miscreants claimed to have infiltrated financial technology firm ION and\r\nthreatened to publish stolen data on February 4 if the software provider doesn't pay up. LockBit said the ransom\r\nwas paid, but they didn't provide any proof and ION declined to comment. \r\nLockBit's Royal Mail ransom deadline flies by. No data released\r\nLockBit brags it pumped ION full of ransomware\r\nPepsi Bottling Ventures says info-stealing malware swiped sensitive data\r\nhttps://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/\r\nPage 1 of 2\n\nIntruder alert: WH Smith hit by another cyber attack\r\nMeanwhile, another alleged LockBit victim, Royal Mail in the UK, resumed international shipments in February\r\nafter confirming a \"cyber incident\" the month prior. Ultimately, the malware slingers appeared to have given up on\r\ngetting the ransom they asked from Royal Mail before publishing some files they claimed were from the stolen\r\nloot.\r\nThe UK mail service told Reuters that its investigation didn't find any financial or sensitive customer information\r\namong the data the thieves stole. ®\r\nStop press\r\nAs we were going live with this article, the ALPHV ransomware crew claimed it had hit Amazon's doorbell-maker\r\nRing, and was attempting to extort the biz.\r\nA spokesperson for Ring told The Register it doesn't believe it was attacked: \"We currently have no indications\r\nthat Ring has experienced a ransomware event.\"\r\nIt's believed a third-party supplier suffered an intrusion of some kind, though, and that this vendor does not have\r\naccess to Amazon or Ring customer information. The internet giant is working with its supplier regarding this\r\nsnafu. We'll let you know when we know more – drop us a note if you have any insight to share.\r\nSource: https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/\r\nhttps://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.theregister.com/2023/03/13/lockbit_spacex_ransomware/" ], "report_names": [ "lockbit_spacex_ransomware" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434938, "ts_updated_at": 1775791780, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/65ac1daf484f1616acb0b1ca132e55d02897b897.pdf", "text": "https://archive.orkl.eu/65ac1daf484f1616acb0b1ca132e55d02897b897.txt", "img": "https://archive.orkl.eu/65ac1daf484f1616acb0b1ca132e55d02897b897.jpg" } }