Major Mexican airport confirms experts are working to address cyberattack

One of the highest-traffic airports in Mexico said it is responding to a cyberattack.

The Querétaro Intercontinental Airport — about three hours from Mexico City — confirmed reports that it had been attacked by hackers, posting a notice on social media sites that it had called in experts to help address the issue.

“We reported that we had a cyberattack incident and are working with experts to address this situation. AIQ systems are operating normally. The safety of our passengers and operations remains our top priority,” the airport said, according to a translation of the notice, posted Tuesday.

Over the last decade, Querétaro Intercontinental has become one of the busiest airports in Mexico, serving more than 1.1 million passengers in 2022 and becoming a hub for cargo flights within Mexico and to the U.S. and Europe.

Officials said the cyberattack was traced back to an employee downloading a file containing malware.

The airport’s operational security wasn’t compromised, and the response team had contained and isolated the attack, the officials said, claiming that any information stolen was “in the public domain.”

The airport notified “relevant authorities,” the notice said.

On Monday, the LockBit ransomware gang took credit for the attack, threatening to leak the data on November 27.

The claim comes just days after LockBit said it stole information from multibillion-dollar airplane maker Boeing — which told Recorded Future News that it was investigating the incident.

When reached for followup, a spokesperson for Boeing said no further updates would be released. LockBit this week removed Boeing from its leak site and researchers from malware platform vx-underground claimed they spoke to members of the ransomware gang who said negotiations with the company were underway.

The aviation industry is regularly targeted by cyberattacks. Air Canada and Air Europa have both dealt with incidents in the last month. Russia-based hackers previously inundated websites for airports across the U.S. with distributed denial-of-service (DDoS) incidents.

European aerospace giant Airbus said in September that it was investigating a cybersecurity incident following reports that a hacker posted information on 3,200 of the company’s vendors to the dark web.

Scandinavian Airlines, India’s SpiceJet, and Air India have all faced cybersecurity incidents in recent years. Jeppesen, a wholly owned Boeing subsidiary that provides navigation and flight planning tools, confirmed last November that it was dealing with a cybersecurity incident that caused some flight disruptions.

Accelya, a technology provided for many large airlines, said last year that it experienced a ransomware attack tied to the BlackCat group and last August, Bangkok Airways said that hackers stole passenger information during a security breach following a ransomware incident.