View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 2, 2023

Boeing confirms ‘cyber incident’ after LockBit claims ransomware attack

The aerospace company says it is investigating a breach after claims from Russian cybercriminals that they have stolen data.

By Matthew Gooding

Aerospace giant Boeing says it has suffered a “cyber incident” that has impacted its parts and distribution business. The admission came after ransomware gang LockBit posted the company to its dark web blog, claiming a successful attack.

Boeing says it has suffered a ‘cyber incident’. (Photo by vaalaa/Shutterstock)

Boeing has subsequently been removed from the blog, prompting speculation that it may have entered into negotiations with the gang. The company is one of the biggest players in aerospace and reported revenue of $75bn last year.

Boeing cyberattack? LockBit claims responsibility

LockBit posted Boeing to its blog on Friday, saying that it had stolen “a tremendous amount of sensitive data”. The group said it planned to release the information online today, Thursday 2 November, if its demands were not met by the company. It did not disclose a ransom demand, but Boeing has since been removed from the LockBit blog.

A spokesperson for the company confirmed it was dealing with a “cyber incident”, but said the issue “does not affect flight safety”. The spokesperson said: “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”

Researchers at malware repository vx-underground say they have spoken to LockBit members about the breach, and that it was perpetrated by one of the gang’s ransomware affiliates using a zero-day, or previously unknown, exploit in one of Boeing’s networks. However, this claim has not been verified.

The Boeing spokesperson did not comment on whether a ransom demand has been paid.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

LockBit’s reign of ransomware terror

Operating out of Russia, LockBit is one of the most active ransomware gangs in the world and seems to target organisations indiscriminately. In August, it threatened to leak data belonging to cancer patients that it had stolen from a US company, Varian Medical Technologies.

Other recent victims include leading chipmaker TSMC, which had data stolen earlier this year as part of a supply chain attack by LockBit on one of its suppliers. The gang used a similar tactic to gain information from the UK’s Ministry of Defence, stolen in a breach of a company that made fences for MoD sites around the country.

The gang’s malware is sometimes referred to as LockBit 3.0, as it is in its third iteration. Security researchers have noted similarities between LockBit 3.0 and malware from two other Russian cybercriminal gangs, Blackmatter and Blackcat, leading some to suggest that the groups may share members or affiliates.

Read more: Associated Press hit by suspected DDoS attack

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.