A major ransomware attack targets China's largest lender, ICBC
10 Nov 2023
In a major cybersecurity incident, the U.S. arm of the Industrial and Commercial Bank of China (ICBC) fell victim to a ransomware attack, disrupting trade in the U.S. Treasury on Thursday, 9 November 2023. This marks the latest attack in a series of ransomware incidents affecting various industries this year.
ICBC Financial Services, the U.S. unit of China's largest commercial lender, reported that it was actively investigating the attack that disrupted some of its systems. The financial institution is making progress towards recovery, as per its official statement.
Ransomware attacks typically involve hackers locking up an organization's systems and demanding a ransom for unlocking them, often coupled with the theft of sensitive data for extortion purposes. While several experts and analysts pointed towards the involvement of the Lockbit cybercrime gang, the gang's dark web site, where it typically posts the names of its victims, did not mention ICBC as of Thursday (9 November 2023) evening.
Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, noted the unusual nature of such a disruptive attack on a large bank. Liska, who believes Lockbit was behind the incident, suggested that ransomware gangs might refrain from publicly naming their victims during negotiations.
The attack follows a trend of increasing audacity by ransomware groups, driven by a perceived lack of repercussions for their actions. Despite efforts by U.S. authorities to curb cybercrime, particularly ransomware attacks, the frequency and boldness of such incidents persist.
ICBC did not confirm whether Lockbit was responsible for the hack, maintaining the common practice of victim organizations refraining from disclosing cybercrime gang affiliations. Lockbit, active since 2020, has targeted 1,700 U.S. organizations, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
While the impact of the hack on ICBC appeared limited, it raises concerns about the vulnerability of systems in large organizations. The incident is likely to prompt questions about cybersecurity controls among market participants and attract regulatory scrutiny.
ICBC reported the successful clearing of Treasury trades executed on Wednesday 8 November 2023, and repurchase agreements (repo) financing trades on Thursday 9 November 2023. Despite the limited impact on the market, some trades through ICBC were reportedly not settled due to the attack, potentially affecting market liquidity. This incident is expected to raise questions about cybersecurity measures and draw regulatory attention to the resilience of financial institutions in the face of cyber threats.
