World’s largest commercial bank ICBC confirms ransomware attack


Update November 10, 06:49 EST: The Industrial & Commercial Bank of China confirmed its services were disrupted by a ransomware attack that impacted its systems on Wednesday, November 8.

"On November 8, 2023, U.S. Eastern Time (November 9, 2023, Beijing Time), ICBC Financial Services (FS) experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident," said the bank.

"ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts. ICBC FS has also reported this incident to law enforcement. We successfully cleared US Treasury trades executed Wednesday (11/08) and Repo financing trades done on Thursday (11/09)."

ICBC added that its business and email systems operate independently from the ICBC Group and that the incident did not impact the systems of the ICBC New York Branch, the ICBC Head Office, and other affiliated institutions domestically and abroad.


The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.

As the Financial Times first reported, members of the Securities Industry and Financial Markets Association were notified of the incident on Thursday.

"ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC's clearing customers," says an emergency notice issued to equity traders and shared by security research group vx-underground.

"Because of this, [censored] is temporarily suspending all inbound FIX connections and not accepting orders at this time. We are in close touch with ICBC and will advise as soon as the issue is resolved."

Because of the attack's impact on its systems, the Chinese commercial bank could not settle U.S. Treasury trades for other market participants.

"We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation," a U.S. Treasury spokesperson told Bloomberg.

An ICBC USA spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.

Attack confirmed by industry sources

While the bank is yet to issue a statement confirming the incident and its impact, multiple sources have told BleepingComputer that the ICBC fell victim to a ransomware attack.

Security expert Kevin Beaumont said an ICBC Citrix server last seen online on Monday and unpatched against an actively exploited NetScaler security bug tracked as 'Citrix Bleed' is now offline.

"It allows complete, easy bypass of all forms of authentication and is being exploited by ransomware groups. It is as simple as pointing and clicking your way inside orgs - it gives attackers a fully interactive Remote Desktop PC the other end," Beaumont explained.

ICBC is China's biggest bank and the largest commercial bank in the world by revenue, with revenue of $214.7 billion and profits of $53.5 billion reported in 2022, according to Fortune.

It has 10.7 million corporate and 720 million individual customers. In addition to its 17,000 domestic branches, ICBC also has branches in 41 countries including 13 branches across the East and West coasts of the United States.

The bank was listed on the Shanghai Stock Exchange and The Stock Exchange of Hong Kong on October 27, 2006.