Update November 10, 06:49 EST: The Industrial & Commercial Bank of China confirmed its services were disrupted by a ransomware attack that impacted its systems on Wednesday, November 8.
“On November 8, 2023, U.S. Eastern Time (November 9, 2023, Beijing Time), ICBC Financial Services (FS) experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident,” said the bank.
“ICBC FS has been conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts. ICBC FS has also reported this incident to law enforcement. We successfully cleared US Treasury trades executed Wednesday (11/08) and Repo financing trades done on Thursday (11/09).”
ICBC added that its business and email systems function autonomously from the ICBC Group and that the incident did not impact the systems of the ICBC New York Branch, the ICBC Head Office, and other affiliated institutions domestically and abroad.
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
As the Financial Times first reported, members of the Securities Industry and Financial Markets Association were notified of the incident on Thursday.
“ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC’s clearing customers,” says an emergency notice issued to equity traders and shared by security research group vx-underground.
“Because of this, [censored] is temporarily suspending all inbound FIX connections and not accepting orders at this time. We are in close touch with ICBC and will advise as soon as the issue is resolved.”
Because of the attack’s impact on its systems, the Chinese commercial bank could not settle U.S. Treasury trades for other market participants.
“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a U.S. Treasury spokesperson told Bloomberg.
An ICBC USA spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
Attack confirmed by industry sources
While the bank is yet to issue a statement confirming the incident and its impact, multiple sources have told BleepingComputer that the ICBC fell victim to a ransomware attack.
Security expert Kevin Beaumont said that an ICBC Citrix server, last seen online on Monday and unpatched against an actively exploited NetScaler security bug tracked as ‘Citrix Bleed’, is now offline.
“It allows complete, easy bypass of all forms of authentication and is being exploited by ransomware groups. It is as simple as pointing and clicking your way inside orgs – it gives attackers a fully interactive Remote Desktop PC the other end,” Beaumont explained.
ICBC is China’s largest bank and the largest commercial bank in the world by revenue, with revenue of $214.7 billion and profits of $53.5 billion reported in 2022, according to Fortune.
It has 10.7 million corporate and 720 million individual customers. In addition to its 17,000 domestic branches, ICBC also has branches in 41 countries, including 13 branches across the East and West coasts of the United States.
The bank was listed on the Shanghai Stock Exchange and The Stock Exchange of Hong Kong on October 27, 2006.