Industrial and Commercial Bank of China (ICBC) hit by ransomware attack

The Industrial and Commercial Bank of China (ICBC) announced that it suffered a ransomware attack that disrupted the U.S. Treasury market and impacted some fixed income and equities transactions.

On November 8, 2023, ICBC Financial Services (FS) experienced a ransomware attack that resulted in disruption to certain FS systems. Immediately upon discovering the incident, ICBC FS disconnected and isolated impacted systems to contain the incident. The bank has launched an investigation with the help of external cyber security experts.

As of now, it is still unknown which ransomware group is behind the attack and it’s unclear if threat actors stole any data from the organization.

The Industrial and Commercial Bank of China (ICBC) is one of the largest and most prominent banks in the world. It is a Chinese multinational banking company and is often considered the largest bank in the world by total assets, market capitalization, and customer deposits.

Because of the attack’s impact on its systems, the Chinese commercial bank could not settle U.S. Treasury trades for other market participants.

ICBC added that its business and email systems function autonomously from the ICBC Group and that the incident did not impact the systems of the ICBC New York Branch, the ICBC Head Office, and other affiliated institutions domestically and abroad.

According to security expert Kevin Beaumont, the ICBC infrastructure was hosting a Citrix server vulnerable to the ‘Citrix Bleed‘ attack. The server went offline after the attack.

In October, Citrix urged administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks.

Threat actors exploited this vulnerability to hijack existing authenticated sessions and bypass multifactor authentication or other strong authentication requirements.

Image Credits : Reuters

The post Industrial and Commercial Bank of China (ICBC) hit by ransomware attack first appeared on Cybersafe News.

CyberNews RansomWare