Boeing Investigates Cyber Incident Following LockBit Ransomware Threat
Boeing confirmed on November 1 an ongoing investigation into a cyber incident affecting its parts and distribution business, part of its Global Services division. The disclosure follows a claim by the LockBit ransomware gang, which alleged on October 27 that it had stolen a "tremendous amount" of sensitive data from the aerospace giant and threatened to leak it unless a ransom was paid by November 2. The threat was removed from LockBit’s website by November 1, though the group has not commented further.
Boeing stated the incident does not impact flight safety and is cooperating with law enforcement and regulatory authorities while notifying customers and suppliers. Some webpages related to its Global Services division were temporarily inaccessible due to technical issues. The company has not confirmed whether LockBit is responsible for the breach.
LockBit, identified by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) as the most active ransomware group in 2022, has targeted over 1,700 U.S. organizations since 2020. The group typically encrypts victim systems and exfiltrates data for extortion. Cybersecurity experts note that even if ransoms are paid, there is no guarantee stolen data will not be leaked.
Boeing has not disclosed whether defense-related data was compromised, though experts warn such a breach could pose significant risks. CISA has not commented on the incident.
Boeing cybersecurity rating report: https://www.rankiteo.com/company/boeing
"id": "BOE1780526903",
"linkid": "boeing",
"type": "Ransomware",
"date": "11/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Customers and suppliers '
'notified',
'industry': 'Aerospace',
'name': 'Boeing',
'type': 'Corporation'}],
'data_breach': {'data_exfiltration': 'Alleged by LockBit',
'sensitivity_of_data': 'High (potential defense-related data)',
'type_of_data_compromised': 'Sensitive data'},
'date_detected': '2023-10-27',
'date_publicly_disclosed': '2023-11-01',
'description': 'Boeing confirmed an ongoing investigation into a cyber '
'incident affecting its parts and distribution business, part '
'of its Global Services division. The disclosure follows a '
'claim by the LockBit ransomware gang, which alleged it had '
'stolen sensitive data and threatened to leak it unless a '
'ransom was paid.',
'impact': {'data_compromised': 'Sensitive data',
'downtime': 'Temporary inaccessibility of some webpages',
'systems_affected': 'Parts and distribution business (Global '
'Services division)'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_encryption': 'Likely (typical LockBit tactic)',
'data_exfiltration': 'Yes',
'ransom_demanded': 'Yes (amount not disclosed)',
'ransomware_strain': 'LockBit'},
'references': [{'date_accessed': '2023-11-01', 'source': 'Boeing Statement'},
{'date_accessed': '2023-10-27',
'source': 'LockBit Ransomware Gang Claim'}],
'regulatory_compliance': {'regulatory_notifications': 'Yes (cooperating with '
'regulatory '
'authorities)'},
'response': {'communication_strategy': 'Notifying customers and suppliers',
'law_enforcement_notified': 'Yes'},
'stakeholder_advisories': 'Customers and suppliers notified',
'threat_actor': 'LockBit ransomware gang',
'title': 'Boeing Cyber Incident Following LockBit Ransomware Threat',
'type': 'Ransomware'}