Aerospace and defense giant Boeing on Thursday confirmed that it had suffered a cyber incident affecting its parts and distribution business, and the infamous Lockbit ransomware group is reported to be behind the attack.
According to a Boeing spokesperson, the company is taking post-incident steps to rectify the damage, noting that the incident did not compromise aircraft systems or flight safety.
“We are actively investigating the incident and coordinating with law enforcement and regulatory authorities,” Boeing said. “We are notifying our customers and suppliers.”
An X (formerly Twitter) account for the VX Underground website, which bills itself as a distributor of malware samples, source code and research papers, said that Lockbit had added Boeing to its public “victims list.” VX Underground said that it had spoken to Lockbit’s “administrative staff,” who said that the group used a zero-day exploit to access Boing’s systems.
Boeing did not provide any technical information about the attack, nor any information about whether a ransom had been demanded or paid. However, a screenshot purportedly taken of the Lockbit leak site on the dark web and posted on X by VX Underground read in part, “A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!”
The Lockbit gang, according to a report from the US Cybersecurity and Infrastructure Security Agency, works on an affiliate model, using what amount to subcontractors to compromise target systems and plant the Lockbit ransomware software. CISA calls it “ransomware as a service,” and, due to variances in tactics and techniques among the various affiliates, the attacks can be difficult to defend against.