Thales Denies Getting Hacked as Ransomware Group Reveals Gigabytes of Information

Overnight, a 9.5-gigabyte archive of information pertaining to [the French company] Thales was published on the website of the cybercrime gang Lockbit. The archive contains information about Thales contracts and partnerships in Italy and Malaysia. When contacted by Le Monde, Thales confirmed that the data had been posted on the hackers' website, but claimed that there had been "no intrusion" into the company's IT system.

"Thales' security experts have narrowed down one of two possible sources of the information theft. It was a partner's account on a dedicated exchange portal that led to the disclosure of a limited amount of information," said a company spokesperson, adding that its teams are working to identify the second source. Thales also stated that the data leak has no impact on its business.

The documents published on Lockbit's website mention, among other items, a project announced in 2018 by Thales and Malaysia-based Novatis Resources to implement aerial surveillance tools for Malaysia's Kota Kinabalu airport. The documents, which are dated 2021, cover the project and the company's monitoring of it.

Other files discuss Thales' contracts in Italy, particularly in Florence, to support an automated ticket sales system for public transportation services. The archive appears to include no personal information about the company's employees.

Lockbit announced earlier this month that it had stolen data from Thales and threatened to publish it on its website. The cybercriminal group then announced a November 7 release date. On that day, the site posted a message stating that the data had been published but did not provide access to it, casting doubt on whether the attack had actually taken place. The stolen files were eventually discovered on the site during the night of November 10 to 11.

Lockbit has claimed an attack on Thales before: in January, the group announced that it had stolen data from the company. The data released at the time consisted primarily of code repositories from the company's external server, data deemed "not very sensitive" by the French company.

On Thursday, US authorities revealed the arrest of a Canadian citizen suspected of working for the Lockbit group. The suspect, who holds dual Russian and Canadian citizenship, is currently being held in detention awaiting extradition to the United States.

According to court documents, a search conducted by law enforcement agencies in August resulted in the seizure of the suspect's computer, which revealed traces of logins to the control panel of Lockbit's ransomware, as well as messages exchanged with LockBitSupp, an account used by the cybercriminal group to provide support for its software.

According to the US Attorney's Office, a file on the suspect's computer contained a list of past and future Lockbit group targets. During a second search, investigators discovered a cryptocurrency wallet belonging to the suspect, which contained 0.8 bitcoin (€13,482 at the time of publication). This bitcoin came from a ransom payment made by one of the Lockbit group's victims. The suspect faces a maximum sentence of five years in prison.