
Cyber Incident Victim: The Boeing Company

Date: Mar 2018

Location: United States of America

Summary

A major aerospace company experienced a suspected WannaCry ransomware intrusion at a South Carolina facility, initially causing internal alarm over potential spread to production systems and aircraft software. The malware reportedly affected a limited number of systems, including automated assembly tools, prompting urgent remediation efforts. The organization stated the incident did not disrupt production or deliveries, attributing it to a contained malware variant possibly modified to bypass existing security measures. Cybersecurity experts suggested the attack likely exploited unpatched Windows vulnerabilities but was unlikely to impact non-Windows operational technology. The company's response included immediate containment actions, and no broader operational consequences were reported.

Description

On March 28, 2018, Boeing’s cybersecurity operations center detected a malware intrusion affecting systems at its North Charleston, South Carolina facility. Initial internal communications, including a memo from Boeing Commercial Airplane production engineering chief Mike VanderWel, characterized the incident as rapidly spreading and raised concerns about potential impacts on production systems. VanderWel’s alert described the malware as "metastasizing rapidly" and indicated possible disruptions to 777 automated spar assembly tools, while speculating about risks to airplane software if the infection reached equipment used for testing newly produced aircraft. The situation prompted an urgent "all hands on deck" response within the company, with VanderWel likening the required effort to the 2013 battery crisis that grounded Dreamliner fleets. Boeing later issued a public statement contradicting the severity described internally, asserting that only a "small number of systems" were compromised and that remediation measures had been successfully implemented. The company explicitly stated the incident did not affect production schedules or aircraft deliveries, though internal communications revealed significant operational alarm.

The intrusion was suspected by cybersecurity personnel to involve a variant of WannaCry ransomware, which leverages the EternalBlue exploit originally developed by the NSA. Security researcher Mitchell Edwards noted this variant likely lacked the kill switch that had neutralized the 2017 WannaCry outbreak, though he emphasized that the malware is limited to Windows-based systems, which excludes aircraft control software and most production equipment from direct compromise. Boeing declined to confirm whether WannaCry was definitively involved, referring only to "malware" in official communications. The incident highlighted potential vulnerabilities in Boeing’s patch management practices, as Microsoft had previously released updates to mitigate EternalBlue exploits. While attribution discussions referenced U.S. government accusations against North Korea for the original WannaCry attacks, no evidence linked this specific intrusion to any actor. Boeing’s containment response involved isolating affected systems and implementing unspecified remediations, with no reported ransom payments or data breaches. The company maintained public emphasis on the limited scope throughout subsequent media coverage.
