Aerospace giant Boeing says it has suffered a “cyber incident” that has impacted its parts and distribution business. The admission came after ransomware gang LockBit posted the company to its dark web blog, claiming a successful attack.
Boeing has subsequently been removed from the blog, prompting speculation that it may have entered into negotiations with the gang. The company is one of the biggest players in aerospace and reported revenue of $75bn last year.
Boeing cyberattack? LockBit claims responsibility
LockBit posted Boeing to its blog on Friday, saying that it had stolen “a tremendous amount of sensitive data”. The group said it planned to release the information online today, Thursday 2 November, if its demands were not met by the company. It did not disclose a ransom demand, but Boeing has since been removed from the LockBit blog.
A spokesperson for the company confirmed it was dealing with a “cyber incident”, but said the issue “does not affect flight safety”. The spokesperson said: “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”
Researchers at malware repository vx-underground say they have spoken to LockBit members about the breach, and that it was perpetrated by one of the gang’s ransomware affiliates using a zero-day, or previously unknown, exploit in one of Boeing’s networks. However, this claim has not been verified.
“Yesterday Lockbit ransomware group listed Boeing on their victims list. Boeing is a multinational American company with an estimated annual revenue of $66,610,000,000. They have over 150,000 employees worldwide. Boeing serves both the public and private sector. We spoke with…” — vx-underground (@vxunderground), October 28, 2023
The Boeing spokesperson did not comment on whether a ransom demand has been paid.
LockBit’s reign of ransomware terror
Operating out of Russia, LockBit is one of the most active ransomware gangs in the world and seems to target organisations indiscriminately. In August, it threatened to leak data belonging to cancer patients that it had stolen from a US company, Varian Medical Technologies.
Other recent victims include leading chipmaker TSMC, which had data stolen earlier this year as part of a supply chain attack by LockBit on one of its suppliers. The gang used a similar tactic to gain information from the UK’s Ministry of Defence, stolen in a breach of a company that made fences for MoD sites around the country.
The gang’s malware is sometimes referred to as LockBit 3.0, as it is in its third iteration. Security researchers have noted similarities between LockBit 3.0 and malware from two other Russian cybercriminal gangs, Blackmatter and Blackcat, leading some to suggest that the groups may share members or affiliates.