Notorious cybercriminal group LockBit targets ICBC’s USA arm

In a significant cybersecurity breach, the U.S. arm of the Industrial and Commercial Bank of China (ICBC) fell victim to a ransomware attack by the notorious LockBit cybercrime gang on Thursday, disrupting treasury trades.

ICBC Financial Services said it was actively investigating the attack and making progress toward system recovery. The attack, attributed to LockBit, underscores a growing boldness among ransomware groups.

Allan Liska, a ransomware expert at Recorded Future, noted the unusual scale of the attack, emphasising that large financial institutions like ICBC are rarely targeted with such disruptive ransomware assaults.

While LockBit did not explicitly claim responsibility on its dark web platform, experts attribute the attack to the gang based on its modus operandi. According to ransomware experts, the lack of victim attribution could be a tactic during ransom negotiations.

The ICBC has not officially confirmed LockBit’s involvement, adhering to the common practice of victim organisations refraining from disclosing cybercriminal groups’ names.

Though seemingly limited in its market impact, the attack has raised concerns about the cybersecurity resilience of major organisations like ICBC. Although Treasury trades executed on Wednesday cleared successfully, some trades on Thursday, including repurchase agreement (repo) financing, were reportedly affected. Market participants noted disruptions in the settlement process, potentially influencing market liquidity.

The United States government is grappling with escalating cyber threats, particularly ransomware attacks. The incident prompts questions about the cybersecurity controls of market participants, inviting regulatory scrutiny.

While addressing the breach, ICBC assured that the overall market impact was limited. However, market sources suggested that the hack might have contributed to technical issues and disrupted participant access, potentially influencing a 30-year bond auction on Thursday, reported Reuters.

As the fallout from the attack unfolds, the U.S. Treasury Department and industry watchdogs, including the U.S. Securities Industry and Financial Markets Association (SIFMA), are closely monitoring the situation.

Threat actor LockBit has been behind many ransomware attacks recently. In June, the group targeted Granules India, a listed Indian pharmaceutical company. A few months before, Microsoft reported that two threat actors, Clop and LockBit, were behind the PaperCut server hacks.

In yet another report, it was revealed that LockBit has now begun targeting macOS. And in March this year, LockBit threatened to leak SpaceX blueprints, and just before that, in February, the group claimed responsibility for the Ion hack.

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
