Attack On Chinese Bank Disrupts Financial Trading
The US financial services division of the Industrial and Commercial Bank of China reported on Thursday 10th November that its financial services arm, called ICBC Financial Services, experienced a ransomware attack that caused disruption to a number of its systems.
ICBC said it was investigating the attack that disrupted some of its systems and making progress towards recovering from it, however, sources have reported there was disruption to trading in certain financial instruments.
In particular, the ransomware attack prevented the ICBC US division from settling US Treasury trades.
China’s foreign ministry said on Friday 10th November that the lender was striving to minimise risk impact and losses after the attack. Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the state-owned bank said. ICBC has not said who was behind the attack but it did say has been “conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts.”
While nobody has claimed responsibility for the attack here are clues about what kind of software was used to carry out the attack. According to sources, the ransomware used in the attack is LockBit 3.0 - a persistent type of malware used to exfiltrate confidential data.
Different iterations of LockBit can rapidly infect corporate networks, typically someone clicking on a malicious link in an email.
ICBC said it “successfully cleared” US Treasury trades and repo financing trades done on Thursday 10th Nov. A repo is a repurchase agreement, a type of short-term borrowing for dealers in government bonds. However, multiple news outlets reported there was disruption to US Treasury trades and that the ransomware attack prevented the ICBC division from settling Treasury trades on behalf of other market participants.
A spokesman for China’s Ministry of Foreign Affairs, has said that ICBC is striving to minimise the impact and losses after the attack and ICBC has not commented on whether Lockbit was behind the hack.
ICBC has said it is working with law enforcement concerning the attack and US and Chinese Government officials have discussed the attack ahead of a forthcoming regional economic summit.
CNBC: ICBC: APNews: WSJ: Guardian: FT: Reuters: CybersecurityDive:
You Might Also Read:
Cyber Security & The Financial Services Industry;
___________________________________________________________________________________________
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible