Aerospace giant Boeing has confirmed that it is dealing with a “cyber incident,” days after the company was listed on the leak site of the LockBit ransomware gang.
In a statement given to TechCrunch, Boeing spokesperson Jim Proulx confirmed that attackers had targeted “elements of our parts and distribution business.” The spokesperson added: “This issue does not affect flight safety. We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers.”
This confirmation comes soon after the Russia-linked LockBit ransomware gang claimed responsibility for a cyberattack targeting Boeing. According to a recent U.S. government advisory, LockBit has targeted approximately 1,800 victim systems in the U.S. and worldwide since late 2019.
In a since-deleted post, LockBit threatened to publish a “tremendous amount” of sensitive data allegedly stolen from Boeing if the company didn’t meet a ransom demand by November 2. The listing was removed from LockBit’s website this week, which ransomware gangs often use to extort companies by publishing stolen files if the ransom isn’t paid. A removed listing is often a sign that an organization has agreed to negotiate with the hackers, or paid some or all of the ransom demand.
When asked by TechCrunch, Boeing declined to say whether it had received a ransom demand or whether the company had paid.
The U.S. government has previously sanctioned Evil Corp, believed to be an affiliate of the LockBit ransomware group, which makes it illegal for any business or individual to pay the attackers. Paying ransoms to sanctioned hacking groups and ransomware gangs can violate U.S. law.
In a post on October 28, malware research group VX-Underground claimed to have spoken to LockBit administrators, who said that LockBit had not yet contacted Boeing. VX-Underground added that the LockBit representative declined to say how much or what types of data had been allegedly stolen.
When asked by TechCrunch, Boeing declined to say how it was compromised or whether the company was aware of any exfiltration of data from its systems. However, the spokesperson did not dispute that Boeing had been affected by a cybersecurity incident that involved data exfiltration.
Last year, Boeing subsidiary Jeppesen, which offers navigational information, operations planning tools and flight planning products, said it had been the target of a cyber incident that had caused some disruption to flight planning.
Updated at 2:01pm ET to correct the name of the affected Boeing units in the second paragraph. We regret the error. ZW.