Boeing confirmed a cyberattack is impacting its global services division, five days after a prolific Russia-affiliated ransomware group claimed responsibility for an attack against the multinational aerospace company.
“We are aware of a cyber incident impacting elements of our parts and distribution business,” a Boeing spokesperson said via email on Wednesday. “This issue does not affect flight safety.”
Some parts of company’s global services site are currently down.
Boeing declined to confirm the identity of the threat actor, the nature of the attack or if a ransom has been paid. The company has yet to file a disclosure about the incident with the Securities and Exchange Commission.
The group taking credit for the attack, LockBit, is a financially motivated threat actor the Justice Department once described as “one of the most active and destructive ransomware variants in the world.”
LockBit listed Boeing on its leak site on Friday and threatened to leak “sensitive data” if Boeing did not meet its deadline to make contact by Thursday.
“We are actively investigating the incident and coordinating with law enforcement and regulatory authorities. We are notifying our customers and suppliers,” the spokesperson said.
Ransomware groups use leak sites to threaten and ramp up pressure on their victims to pay a ransom. Targeted organizations are typically removed from leak sites when active negotiations are underway or a ransom is paid, according to ransomware negotiators and threat analysts.
The FBI declined to comment.
The Cybersecurity and Infrastructure Security Agency, in a June advisory, said LockBit had attacked more than 1,700 organizations in the U.S. and made at least $91 million in ransom demands since it first appeared in January 2020.
