In a recent revelation, Boeing, one of the world’s leading aerospace and defense technology giants, has confirmed that it fell victim to a cyberattack in late October 2023. The attack primarily targeted Boeing’s information systems, particularly affecting its parts business. This acknowledgment comes in the wake of claims by the LockBit ransomware group, a notorious cybercriminal organization, that it was behind the attack. Boeing has not yet confirmed whether a ransom was paid to the group.
Boeing is currently collaborating with law enforcement agencies and cybersecurity experts to investigate the extent of the breach and to recover any data that may have been compromised during the cyberattack. The company’s proactive stance towards addressing the incident underscores the seriousness of the situation.
The LockBit ransomware group, known for encrypting victims’ data and demanding a ransom for decryption, initially mentioned Boeing as their new target on their dark web blog. However, they later removed the post, suggesting that negotiations might be underway.
Questions Surrounding the Attack
The revelation has ignited speculation about whether the LockBit Group genuinely breached Boeing’s security. Some experts, including Jon DiMaggio, have raised the possibility that the group may be in decline or compromised. Boeing’s confirmation, however, indicates that the group remains active and poses a significant threat.
LockBit Group – More Than Meets the Eye
Vx-underground, an online repository for malware samples, has described the LockBit group as a complex and well-organized entity. In a recent tweet, they stated, “LockBit is not simply a group of individuals operating from a basement. They consist of administrators, developers, money launderers, and notably collaborate with affiliates and other threat groups.”
Global Anti-Ransomware Alliance
Coincidentally, this cyberattack on Boeing occurred shortly after the United States announced an alliance of 40 countries to combat ransomware threats. This alliance emphasized a strong stance against paying ransoms to threat actors, highlighting the increasing global efforts to tackle cybercrime.
ALSO READ: Uniting Against Ransomware: Global Alliance Commits to Never Pay Ransom to Cybercriminals
No Confirmation on Ransom Payment
Boeing has not provided details about whether a ransom was paid to the LockBit Group. However, the company has assured stakeholders and the public that it is actively working to restore the affected systems without causing disruptions to its core business operations.
Zero-Day Vulnerability Suspected
William Wright, CEO of Closed Door Security, has suggested that the cyberattack on Boeing may have exploited a zero-day vulnerability. He stressed the importance of Boeing conducting thorough forensics into the attack promptly, stating, “Based on the information available, it looks like the incident was executed via a zero-day vulnerability. Which vulnerability remains to be seen, and we also don’t know if other criminal gangs are actively exploiting it as well. The sooner Boeing carries out its forensics into the attack, the better.”
The story surrounding the cyberattack on Boeing is still unfolding, and more updates are expected in the coming days. As of the time of publishing this article, Boeing’s parts and distribution domain remains offline due to technical issues.
This incident marks another cybersecurity challenge for Boeing, with previous attacks, including a malware attack introducing the WannaCry ransomware in March 2018, and the DoppelPaymer ransomware targeting several prominent companies, including SpaceX, Tesla, and a parts manufacturer associated with Boeing, in March 2020. Boeing’s resilience and the ongoing investigation into the latest breach will be closely monitored as the situation continues to develop.