Boeing has acknowledged a cyber incident just days after ransomware gang LockBit reportedly exfiltrated sensitive data from the aerospace defence contractor.
“We are aware of a cyber incident impacting elements of our parts and distribution business,” Boeing told The Register. The company added that the issue did not affect flight safety, and that it is investigating the incident and coordinating with authorities.
“We are notifying our customers and suppliers,” the spokesperson added.
At the time of writing, the company’s parts and distribution website was “down due to technical issues.”
Aftermarket sales of spare parts are lucrative – so much so that in 2016 Boeing invested to grow its own parts operation, and to secure more revenue from third parties that make compatible parts under license.
“Over the long-term, as the size of the worldwide commercial airline fleet continues to grow, so does demand for aftermarket services designed to increase efficiency and extend the economic lives of aircraft,” stated [PDF] Boeing in its 2022 annual report.
The source of the cyber incident remains unclear, although LockBit has claimed it cybered the aerospace giant.
According to a screenshot published by VX Underground last weekend, the ransomware gang added Boeing to its victims list and gave the company a mere six days to begin negotiations. LockBit administrative staff reportedly told the malware librarians a 0-day exploit allowed access to Boeing systems.
By Monday LockBit’s louts had removed Boeing from its website and told VX Underground the change was made due to negotiations having commenced with the aerospace entity.
Boeing has not published a press release on the matter, nor an SEC statement at the time of reporting.
The US Cybersecurity and Infrastructure Security Agency (CISA) rated LockBit as 2022’s most prolific ransomware operator.
As VX Underground has noted, the gang is more than a “group of nerds in a basement” – it operates with a formal management structure.
The group also engages in public relations endeavours, such as paying influencers to get tattoos of the LockBit logo. As its efforts to garner attention suggest, LockBit does not typically shy away from taking credit for ransomware-related endeavours, although the group’s claims should be considered with a critical eye.