The largest branch of China's ICBC bank was hit by LockBit ransomware and had to resort to using USB sticks.

VNZ-EN

Vn-Z.vn, November 11, 2023. The Industrial and Commercial Bank of China (ICBC) is one of the largest and most significant banks globally. A ransomware attack compelled the ICBC branch in the United States to resort to unconventional USB stick transactions.
China's largest bank, the Industrial and Commercial Bank of China (ICBC), has fallen victim to a ransomware attack. ICBC ranks among the banks with the largest total assets globally.

According to Bloomberg, the LockBit ransomware criminal group has been identified as the perpetrator of this attack. This criminal group provides ransomware-as-a-service and has been involved in numerous attacks targeting well-known organizations, including IT giant Accenture, Boeing, Bangkok Airways, the UK's Royal Mail, German company Continental, and many others.

The cyberattack on ICBC occurred just a week after the United States announced the formation of an alliance consisting of 40 countries in the fight against ransomware threats. This alliance emphasizes opposition to paying ransom for ransomware attacks.

It is known that the ICBC branch in the United States was targeted in the attack, forcing them to conduct transactions within Manhattan using USB flash drives. This event recalls the 2018 incident when employees in two cities in Alaska had to resort to using classic typewriters after a major ransomware attack.

On the ICBC Financial Services website for the U.S. branch, it was announced that their system was disrupted on November 8, 2023. The bank plans to conduct a thorough investigation to determine the root cause of the security incident. Relevant authorities have also been informed.

Affected by the ransomware attack, ICBC could not process pending U.S. Treasury transactions awaiting settlement as the involved parties lost connection to the affected systems. This forced the bank to send disbursement information to them via USB. The company quickly isolated the systems from the ICBC's main office. However, ICBC's units in other countries were not affected.

Some security experts suspect that hackers may have exploited the Citrix Bleed vulnerability (CVE-2023-4966). Network security expert Kevin Beaumont suggested that ICBC may not have patched this vulnerability on its Citrix NetScaler Gateway device in their system.

Citrix released a patch for this vulnerability last month. This is a serious vulnerability, as hackers/ransomware groups can easily exploit it to bypass authentication and gain unauthorized access to enterprise systems. This vulnerability has been exploited multiple times recently in attacks on unpatched government and corporate networks.

According to a report by Bloomberg, the incident has disrupted the U.S. Treasury bond market. In a statement from the Securities Industry and Financial Markets Association on Thursday, it was revealed that the bank was attacked by ransomware, hindering its ability to settle their bond transactions for other market participants. This situation can significantly impact the liquidity of U.S. Treasuries.
 