US arm of China mega-lender ICBC hit by ransomware attack

US arm of China mega-lender ICBC hit by ransomware attack

The US arm of China's largest bank said it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the US Treasury market
The US arm of China's largest bank said it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the US Treasury market. Photo: GREG BAKER / AFP
Source: AFP

The US arm of China's largest bank said it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the US Treasury market.

Ransomware attacks typically access vulnerable computer systems and encrypt or steal data, before sending a ransom note demanding payment in exchange for decrypting the data or not releasing it publicly.

The Industrial and Commercial Bank of China Financial Services (ICBC FS) said Thursday it "experienced a ransomware attack that resulted in disruption to certain (financial services) systems."

"Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," the New York-based bank said, adding that it was investigating the attack and working on recovery.

ICBC FS said it had successfully cleared US Treasury trades executed Wednesday and repurchasing (repo) financing trades Thursday.

Slack demand for $24 billion in 30-year US Treasury bonds that were auctioned Thursday came as a surprise to some analysts.

Read also

US, China finance chiefs open talks with eye on curbing tensions

PAY ATTENTION: Сheck out news that is picked exactly for YOU ➡️ click on “Recommended for you” and enjoy!

This sale "attracted very poor demand, one of the weakest I can remember," Karl Haeling of the bank LBBW told AFP.

But demand at this sale "might not have been as bad as advertised," said Patrick O'Hare of Briefing.com.

"That's because subsequent reports have indicated that the US financial services division of China's Industrial and Commercial Bank was hit by a ransomware cyberattack yesterday that disrupted trades in the Treasury market."

Richard Flax, chief investment officer at Moneyfarm, put it this way: "Finally, a large Chinese bank suffered a cyber-attack that impacted its ability to trade in US Treasuries. Some commentators argue that that, rather than weak demand, was behind the relatively poor US government bond auction."

Bloomberg reported that some trades handled by ICBC FS on Thursday were transported across Manhattan on a USB stick as messengers manually relayed required settlement details.

Read also

Telecoms outage cuts off millions of Australians

China's foreign ministry said Friday that "the business systems and office systems of the head office of ICBC and other domestic and foreign branches and subsidiaries within the group are normal."

"As far as we know, ICBC has paid close attention to this matter, and has done a good job in emergency handling and supervision and communication, striving to minimize the impact of risks and losses," foreign ministry spokesman Wang Wenbin said at a regular news briefing.

"At present, the business systems and office systems of the head office of ICBC and other domestic and foreign branches and subsidiaries within the group are normal."

US media reported that the hack was executed using software created by Lockbit, the Russian-speaking hacking group known for scrambling files on a host's computer and flashing up messages demanding cryptocurrency payment to resolve the issue.

US aircraft manufacturer Boeing was hit with an attack from Lockbit last week.

Read also

China owed more than $1 trillion in Belt and Road debt: report

Last year, LockBit was "the most deployed ransomware variant across the world and continues to be prolific in 2023," according to the US Cybersecurity and Infrastructure Security Agency.

The US Justice Department said in May that LockBit ransomware had been used in more than 1,400 attacks globally.

LockBit has targeted critical infrastructure and large industrial groups, with ransom demands ranging from €5 million to €70 million.

The group attacked Britain's Royal Mail in early January and a Canadian children's hospital in December.

New feature: Сheck out news that is picked for YOU ➡️ click on “Recommended for you” and enjoy!

Source: AFP

Authors:
AFP avatar

AFP AFP text, photo, graphic, audio or video material shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium. AFP news material may not be stored in whole or in part in a computer or otherwise except for personal and non-commercial use. AFP will not be held liable for any delays, inaccuracies, errors or omissions in any AFP news material or in transmission or delivery of all or any part thereof or for any damages whatsoever. As a newswire service, AFP does not obtain releases from subjects, individuals, groups or entities contained in its photographs, videos, graphics or quoted in its texts. Further, no clearance is obtained from the owners of any trademarks or copyrighted materials whose marks and materials are included in AFP material. Therefore you will be solely responsible for obtaining any and all necessary releases from whatever individuals and/or entities necessary for any uses of AFP material.