The US branch of the Industrial and Commercial Bank of China (ICBC), one of the world’s largest banks, has been hit by a major ransomware attack, raising serious concerns within the global financial sector.
The attack believed to be the work of the notorious LockBit ransomware gang, poses a serious threat to the stability of international finance.
The Securities Industry and Financial Markets Association alerted its members on Wednesday about a ransomware attack on ICBC Financial Services, The Financial Times reported. Moreover, the cyberattack forced clients of the Industrial and Commercial Bank of China to change their trade routes, the report added.
ICBC is a Chinese multinational banking company and one of the largest banks in the world by total assets and revenue. Founded in 1984, it’s headquartered in Beijing and operates in over 40 countries. As of 2022, ICBC’s projected revenue was around $214.7 billion, showcasing its enormous scale and influence in the global financial market.
ICBC Ransomware Attack
Numerous cybersecurity professionals suggest a connection between the ransomware attack on ICBC and CVE-2023-4966, which is believed to have been exploited by hacker group in the recent cyberattack on Boeing.
In a Facebook post, Cybersecurity specialist Kevin Beaumont revealed a Shodan search indicating that ICBC’s network included a Citrix Netscaler device that hadn’t been updated for CVE-2023-4966.
This flaw, commonly referred to as “CitrixBleed” by experts, impacts NetScaler ADC and Gateway appliances, which are widely used by businesses for network traffic management.
Jon Miller, CEO of Halcyon, in a statement to Record Media, highlighted the severity of the ICBC ransomware attack, saying, “This attack has the potential to have a serious impact on worldwide financial markets, as US Treasuries are central to the global banking and finance system.
He further added, “Critical infrastructure providers like the financial, manufacturing, healthcare, and energy sectors remain top targets for ransomware operators because the pressure to quickly resolve the attacks and resume operations increases the chances victim organizations will pay the ransom demand.
The US Treasury trades performed on Wednesday and repo financing contracts executed on Thursday had been effectively cleared, reported Rochester First. Neither ICBC’s head office nor its New York branch was impacted and ICBC FS runs independently from ICBC in China.
“We are aware of the cyber security issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a Treasury Department spokesperson said, according to the FT report.
Experts in the Treasury market noted that traders often have links with multiple institutions, enabling them to reroute and execute trades successfully through alternative channels. Additionally, the company announced that they have informed law enforcement about the incident.
The ransomware attack on ICBC, mirroring the recent cyberattack on Boeing, underscores the escalating vulnerability of global institutions to sophisticated cyber threats.
The alleged exploitation of CVE-2023-4966, or “CitrixBleed,” in both incidents again highlights the immediate need to patch detected vulnerabilities, especially in sectors pivotal to the economy such as finance.
It’s clear that in an increasingly interconnected world, the security of one is the security of all, necessitating a coordinated and robust response to cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
