Threat Actor Selling 70GB of ITAR-Controlled SEKISUI Aerospace Technical Data Including Boeing 737/787 Tooling, STEP Files, and Military Program Schematics for $200,000

Summary

A threat actor identified as 'nxe' is actively selling 70GB of export-controlled technical data allegedly stolen from SEKISUI Aerospace Corporation, a Tier 1 Boeing supplier. The dataset includes engineering drawings, STEP/CAD files, bills of materials, tooling specifications for Boeing 737 MAX and 787 aircraft, and military program schematics marked as ITAR/EAR-controlled. The sale constitutes a potential violation of U.S. export control law and represents significant supply chain and national security risk.

Full text

Dark Web Informer - Cyber Threat Intelligence Threat Actor Selling 70GB of ITAR-Controlled SEKISUI Aerospace Technical Data Including Boeing 737/787 Tooling, STEP Files, and Military Program Schematics for $200,000 April 13, 2026 - 3:36:21 AM UTC United States / Japan Aerospace / Defense Standalone API Access Now Available High-volume threat-intelligence data, automated ingestion endpoints, ransomware feeds, IOC data, and more. View API Unlock Exclusive Cyber Threat Intelligence Powered by DarkWebInformer.com Stay ahead of cyber threats with real-time breach tracking, expert analysis, and high quality evidence - built for security professionals, researchers, journalists, and everyday people who take their privacy seriously. Subscribe Now Quick Facts Date & Time 2026-04-13 03:36:21 UTC Threat Actor nxe Victim SEKISUI Aerospace Corporation Industry Aerospace / Defense Category Data Breach / IP Sale Data Size 70 GB Export Control EAR 9E991 / ITAR Aircraft Programs Boeing 737 MAX, 787 End Customers Boeing, Lockheed Martin, NASA, Northrop Grumman Price $200,000 (Negotiable) Severity Critical Country United States / Japan Incident Overview A threat actor going by nxe is selling 70GB of export-controlled technical data allegedly from SEKISUI Aerospace Corporation, the U.S. subsidiary of SEKISUI Chemical Japan. SEKISUI Aerospace is a Tier 1 direct supplier for Boeing 737 and 787 programs, Spirit AeroSystems, Triumph Group, and multiple U.S. military programs. The company specializes in advanced composite structures, precision assembly tooling, and thermoplastic components and welding used in fuselage, wing, keel beam, and interior structures. Named end customers include Boeing Commercial, Boeing Defense, NASA, Lockheed Martin, and Northrop Grumman. All drawings and models in the package are marked "EXPORT CONTROLLED: EAR 9E991 / ITAR Technical Data," meaning none of the material can legally be exported from the United States without an approved BIS or DDTC license. The sale of this data on a public forum constitutes a potential violation of U.S. export control law regardless of who purchases it. The actor states the data was previously sold exclusively to them as a one-time sale, and they are now reselling it. The 70GB technical data package contains: Engineering Drawings: Technical PDF files with full production engineering documentation. CAD Files: Complete STEP files in AP242 format, compatible with CATIA V5-6R2022 and SolidWorks 2018 through 2024. Bills of Materials: Full BOMs with authentic Boeing part numbers. Tooling and Fixture Data: Production tooling for Boeing 737 MAX Keel Skin Splice Strap, Boeing 787 Section 41 Nose, and interior panel assemblies. Material Specifications: Details for carbon fiber prepreg, thermoplastic PEI and PPS, aluminum 6061-T6, and titanium inserts. Precision Tolerances: Tolerances down to plus/minus 0.0005 inch with GD&T in accordance with ASME Y14.5. 3D Assembly Models: Three-dimensional models of assembly tools including drill jigs, trim fixtures, bonding fixtures, and all related bushings and locator hardware with real Carr Lane and McMaster-Carr part numbers. Process Specifications: Boeing BAC-compliant process specification documents. The actor describes this as production-level technical data from an active Boeing supply chain partner. The price is $200,000 USD and negotiable, with escrow required, samples available upon proof of funds, and contact via Telegram. The specificity of the listing is notable: naming exact aircraft assemblies (737 MAX Keel Skin Splice Strap, 787 Section 41 Nose), exact CAD compatibility versions, exact material grades, exact tolerance standards, and exact hardware supplier part numbers (Carr Lane, McMaster-Carr) suggests genuine familiarity with aerospace manufacturing data rather than fabricated claims. Compromised Data Categories ITAR / EAR Export-Controlled Data Engineering Drawings (PDF) STEP / CAD Files (AP242) Boeing Part Numbers & BOMs 737 MAX Tooling Data 787 Section 41 Nose Data Composite Material Specifications GD&T / ASME Y14.5 Tolerances 3D Assembly Tool Models Boeing BAC Process Specs Military Program Data Supplier Hardware Part Numbers Image Preview Claim URL Subscriber Access Required The original listing URL and unredacted claim images are available on the Threat Feed and Ransomware Feed for paid subscribers. Subscribe Subscriber Access View the original listing URL and unredacted claim images on the feeds below. Threat Feed Ransomware Feed MITRE ATT&CK Mapping T1213 Data from Information Repositories Extracts 70GB of production-level technical data from the aerospace supplier's engineering systems including CAD files, BOMs, process specifications, and tooling documentation. T1199 Trusted Relationship Compromises a Tier 1 Boeing supply chain partner to access production data for Boeing 737 MAX, 787, and military programs, exploiting the trusted supplier relationship. T1005 Data from Local System Collects engineering drawings, STEP/CAD files, Bills of Materials, material specifications, and 3D assembly tool models directly from production engineering systems. T1560 Archive Collected Data Packages 70GB of export-controlled aerospace technical data for sale, with samples available upon proof of funds and transaction conducted through escrow. T1657 Financial Theft Monetizes stolen defense contractor IP at a $200,000 asking price, representing both industrial espionage value and potential national security implications for ITAR-controlled data. T1567 Exfiltration Over Web Service Advertises the export-controlled data on public forums and conducts sales through Telegram, with escrow required and proof of funds needed before sample access. Dark Web Informer © 2026 | Cyber Threat IntelligenceDarkWebInformer.com

Indicators of Compromise

• malware — EAR 9E991

Entities