China's largest bank hit by ransomware attack


ICBC, the largest bank in China, suffered a devastating ransomware attack which disrupted its financial services (FS) systems, with a knock-on effect on US Treasury markets that sent ripples across the global financial world.

Multiple news outlets reported that ICBC was attacked by LockBit, a ransomware operation with possible ties to Russia. However, as LockBit is a ransomware-as-a-service operation, the culprits could actually be any one of its affiliates.

It's not yet known how much money the attackers are demanding in exchange for the decryption key, or if they managed to steal any sensitive data during the attack.


CitrixBleed

A notice on the ICBC website says that upon noticing the incident, ICBC FS "disconnected and isolated impacted systems to contain the incident," adding that an investigation was underway, as well as recovery efforts. ICBC's financial services business and email systems operate independently from the bank itself, as do its overseas affiliates, none of which appeared to be affected by the attack.

Cybersecurity researcher Kevin Beaumont argues that the attackers leveraged a known vulnerability in Citrix NetScaler appliances, called CitrixBleed, to bypass authentication. CitrixBleed is tracked as CVE-2023-4966 and carries a severity score of 9.4. It was patched a month ago. In the time since the release of the patch, both Citrix and other security firms warned that the vulnerability was being abused in the wild. Even CISA sounded the alarm, saying ransomware actors were abusing it, and urging users to apply the patch immediately.

As per the Financial Times, the attack disrupted US Treasury markets, too. The Securities Industry and Financial Markets Association (SIFMA) told its members the attack could block trade settlement on behalf of other market players, The Register reported. Other media reported that some equity traders weren't able to place or clear trades.

Ransomware operators have been getting bolder lately. In fact, with more than 500 recorded attacks, September was a record month.

Via The Register


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
