A ransomware attack on the financial services unit of the Industrial and Commercial Bank of China (ICBC), China’s largest bank, has disrupted the US Treasury market by forcing customers to reroute trades, the Financial Times reported.
In a notice on its website, the bank’s financial division said that the attack, which occurred on November 8, 2023, disrupted some of its systems. Following the incident, ICBC FS disconnected the affected system and launched an investigation.
“ICBC FS's business and email systems operate independently of the Industrial and Commercial Bank of China Group. The systems of the ICBC Head Office and other domestic and overseas affiliated institutions were not affected by this incident, nor was the ICBC New York Branch,” ICBC FS said.
ICBC FS was allegedly hit by LockBit, a prolific Ransomware-as-a-Service operation known for its high-profile attacks on governments, companies and organizations across the world. Last month, the gang claimed to have hacked US aerospace and defense giant The Boeing Company, threatening to publish the stolen data if a ransom is not paid. Earlier this month, the hackers leaked 43GB of files from Boeing after the company refused to pay the ransom, most of which appear to be backups for various systems.
Shodan search data provided by cybersecurity expert Kevin Beaumont shows that the ICBC had a Citrix Netscaler box that was unpatched against CVE-2023-4966 (aka CitrixBleed), an RCE flaw affecting Citrix NetScaler ADC and NetScaler Gateway products. According to cybersecurity firm Mandiant, CVE-2023-4966 has been exploited as a zero-day vulnerability since late August of this year.
Beaumont said that more than 5,000 organizations have yet to patch the bug despite all the warnings from Citrix and cybersecurity experts.