Boeing confirms impact from 'cyber incident,' vanishes from LockBit ransom list

The Boeing Company has confirmed to Cybernews that some operations have been impacted due to a 'cyber incident' previously claimed by the LockBit ransom gang. This, as the company and its logo mysteriously disappear off LockBit's official victim leak page.

"We are aware of a cyber incident impacting elements of our parts and distribution business,” a Boeing spokesperson told Cybernews Wednesday evening.

The spokesperson made it clear that the cyber issue "does not affect flight safety.”

“We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers," the Boeing spokesperson concluded.

The so-called “cyber incident” was claimed by the LockBit ransomware group on its dark leak site October 27th, as first reported by Cybernews.

At the time, a Boeing spokesperson told Cybernews it was “assessing this claim.”

Boeing Lockbit
LockBit leak site, Oct 27th, 2023

The company of nearly 150 thousand employees worldwide was given a deadline of six days to make contact with LockBit before the gang said it would publish all the data it had stolen in the alleged attack.

The Russian-linked threat actors did not say how much data it may have, or if it was defense related, but did claim it had a “tremendous amount.”

LockBit also said it was purposefully not providing leak samples of the data on its site – as is normally the case with ransomware crooks – “to protect” Boeing.

Boeing Lockbit 2
LockBit leak site, Oct 27, 2023

In an update to the story, sometime between October 30th and October 31st, Boeing was removed from LockBit’s leak page, leading to industry speculation that the US-based commercial jetliner manufacturer and military defense contractor has entered into negotiations with the group.

There is no word from either side about a possible ransom demand and/or what amount of money, if any, has been asked of Boeing or paid to LockBit.

“As one of the world’s biggest aircraft manufacturers facing the consequences... it will be very interesting to see how Boeing responds," said Mike Newman, CEO of My1Login.

According to the malware repository vx-underground, LockBit gave Boeing only six days to make contact, while typically victims are given ten day to reach out to cybercriminals.

“The timing of the attack is very interesting, especially given that the US has just pledged never to do business with ransomware criminals,” Newman said.

“Details into the attack are still emerging, but it does highlight that no organization is immune to ransomware. Therefore, defenses are the key goal.," he said.

"This means keeping systems up to date with patches against vulnerabilities and using tools to protect staff against phishing, which is the number one attack vector for ransomware criminals, Newman added.

Researchers at the repository noted the attackers said it breached Boeing using a zero-day exploit, but that the gang provided no other details about the purported attack.

“Once again we are seeing a hacking gang announcing a cyberattack well before a company is aware of it," said CEO of Closed Door Security William Wright.

Wright explained that even though the attack was “executed via a zero-day vulnerability, which vulnerability remains to be seen.”

“We also don’t know if other criminal gangs are actively exploiting it as well. The sooner Boeing carries out its forensics into the attack the better, Defenders need to understand which vulnerability was exploited, so they can take steps to protect their systems,” Wright said.

Who is LockBit?

The LockBit group was first clocked by security insiders sometime late 2019. Since then, the gang has topped many lists in terms of victimized organizations.

The threat actors are said to have executed over 1,400 attacks against victims in the US and around the world, including Asia, Europe, and Africa .

The gang’s evasive ransomware variant LockBit 3.0 shares similarities with two other Russian-linked ransomware; BlackMatter and BlackCat (ALPHV/BlackCat), according to the US department of Justice.

The group is also said to have made tens of millions of dollars off its victims in actual ransom payments collected in Bitcoin.

Security research reports from this past August suggest that the group may be having management issues that have caused a breakdown in LockBit’s criminal operations.

The suspected rupture resulting in LockBit’s over-reliance on empty threats and its fierce reputation as a substitute for taking real action against its victims.