Boeing has confirmed that an "incident" has occurred, after reports surfaced that the Lockbit ransomware group has claimed to have exfiltrated sensitive data from the aerospace giant. Credit: Luka Slapnicar / Matejmo / Getty Images Aerospace and defense giant Boeing on Thursday confirmed that it had suffered a cyber incident affecting its parts and distribution business, and the infamous Lockbit ransomware group is reported to be behind the attack. According to a Boeing spokesperson, the company is taking post-incident steps to rectify the damage, noting that the incident did not compromise aircraft systems or flight safety. “We are actively investigating the incident and coordinating with law enforcement and regulatory authorities,” Boeing said. “We are notifying our customers and suppliers.” An X (formerly Twitter) account for the VX Underground website, which bills itself as a distributor of malware samples, source code and research papers, said that Lockbit had added Boeing to its public “victims list.” VX Underground said that it had spoken to Lockbit’s “administrative staff,” who said that the group used a zero-day exploit to access Boing’s systems. Boeing did not provide any technical information about the attack, nor any information about whether a ransom had been demanded or paid. However, a screenshot purportedly taken of the Lockbit leak site on the dark web and posted on X by VX Underground read in part, “A tremendous amount of sensitive data was exfiltrated and ready to be published if Boeing do not contact within the deadline!” The Lockbit gang, according to a report from the US Cybersecurity and Infrastructure Security Agency, works on an affiliate model, using what amount to subcontractors to compromise target systems and plant the Lockbit ransomware software. CISA calls it “ransomware as a service,” and, due to variances in tactics and techniques among the various affiliates, the attacks can be difficult to defend against. “Since January 2020, affiliates using LockBit have attacked organizations of varying sizes across an array of critical infrastructure sectors, including financial services, food and agriculture, education, energy, government and emergency services, healthcare, manufacturing, and transportation,” CISA wrote. Lockbit was the most active global ransomware group in the world in 2022, according to CISA, which added that the group has functioned like an aggressive business in several ways, including making its ransomware tools simple to use, drumming up publicity via a series of stunts, and denigrating rival ransomware gangs in online forums. Lockbit has performed roughly 1,700 ransomware attacks in the US since 2020, according to the FBI, and the gang is thought to have taken in about $91 million in ransom payments. The group also participates in a form of “double extortion,” CISA said, where it not only encrypts sensitive data, but steals it and threatens to publish it widely. Related content news analysis Microsoft fixes three zero-day vulnerabilities, two actively exploited The company’s Patch Tuesday includes fixes for flaws in Windows Desktop Window Manager, Windows MSHTML, and Visual Studio, among others, that IT security orgs should prioritize. By Lucian Constantin May 15, 2024 6 mins Windows Security Zero-day vulnerability brandpost Sponsored by Palo Alto Networks How you may be affected by the new proposed Critical Infrastructure Cyber Incident Reporting Rule The current cybersecurity regulatory landscape continues to evolve, and CIRCIA’s incident reporting requirements are just one of the many emerging regulations organizations will need to observe By Anand Oswal, Senior Vice President and GM of Network Security at Palo Alto Networks May 15, 2024 5 mins Security news Singing River ransomware attack now thought to have affected over 895,000 The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack. By Shweta Sharma May 15, 2024 4 mins Data Breach Ransomware brandpost Sponsored by Sans Institute Clock is ticking for companies to prepare for EU NIS2 Directive Many companies are still not ready for the impact of NIS2, but SANS can help them prepare. By Laura McEwan May 15, 2024 3 mins Security PODCASTS VIDEOS RESOURCES EVENTS SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe