Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News

      Musk rails against South Africa’s ‘racist laws’ in fiery interview

      20 May 2025

      Ramaphosa orders corruption probe at Sita

      20 May 2025

      South Africa rethinks BEE rules to unlock Starlink deal

      20 May 2025

      Rising subscription costs creeping up on household finances

      20 May 2025

      South Africa’s Sim card ‘washing machine’

      20 May 2025
    • World

      Microsoft pushes for industry standards in AI agent collaboration

      19 May 2025

      Microsoft to lay off 3% of workforce in organisation-wide cuts

      14 May 2025

      AI-voiced audiobooks are coming to Audible

      13 May 2025

      Apple turns to AI to tackle iPhone battery woes

      13 May 2025

      Vodafone CFO to step down

      7 May 2025
    • In-depth

      South Africa unveils big state digital reform programme

      12 May 2025

      Is this the end of Google Search as we know it?

      12 May 2025

      Social media’s Big Tobacco moment is coming

      13 April 2025

      This is Europe’s shot to emerge from Silicon Valley’s shadow

      10 April 2025

      Microsoft turns 50

      4 April 2025
    • TCS

      Meet the CIO | Schalk Visser on Cell C’s big tech pivot

      13 May 2025

      TCS | Kiaan Pillay on fintech start-up Stitch and its R1-billion funding round

      7 May 2025

      TCS+ | Switchcom and Huawei eKit: networking made easy for SMEs

      6 May 2025

      TCS | How Covid sparked a corporate tug-of-war over Adapt IT

      30 April 2025

      TCS+ | Inside MTN’s big brand overhaul

      11 April 2025
    • Opinion

      Solar panic? The truth about SSEG, fines and municipal rules

      14 April 2025

      Data protection must be crypto industry’s top priority

      9 April 2025

      ICT distributors must embrace innovation or risk irrelevance

      9 April 2025

      South Africa unprepared for deepfake chaos

      3 April 2025

      Google: South African media plan threatens investment

      3 April 2025
    • Company Hubs
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Arctic Wolf
      • AvertITD
      • Braintree
      • CallMiner
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • Incredible Business
      • iONLINE
      • Iris Network Systems
      • LSD Open
      • NEC XON
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SkyWire
      • Solid8 Technologies
      • Tenable
      • Vertiv
      • Videri Digital
      • Wipro
      • Workday
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Fintech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Motoring
      • Public sector
      • Retail and e-commerce
      • Science
      • Social media
      • Talent and leadership
      • Telecoms
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Information security » China’s biggest, ICBC, bank hit by ransomware attack

    China’s biggest, ICBC, bank hit by ransomware attack

    ICBC's US arm was hit by a ransomware attack that disrupted trades in the US treasury on Thursday.
    By Agency Staff10 November 2023
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    The Industrial and Commercial Bank of China’s (ICBC’s) US arm was hit by a ransomware attack that disrupted trades in the US treasury on Thursday, the latest in a string of victims that ransom-demanding hackers have claimed this year.

    ICBC Financial Services, the US unit of China’s largest commercial lender by assets, said it was investigating the attack that disrupted some of its systems, and making progress toward recovering from it.

    Hackers lock up a victim organisation’s systems in such attacks and demand ransom for unlocking it, often also stealing sensitive data for extortion.

    We don’t often see a bank this large get hit with this disruptive of a ransomware attack

    Several ransomware experts and analysts said an aggressive cybercrime gang named Lockbit was believed to be behind the hack, although the gang’s dark web site where it typically posts names of its victims did not mention ICBC as a victim as of Thursday evening. Lockbit did not respond to a request for comment sent via a contact address posted on its site.

    “We don’t often see a bank this large get hit with this disruptive of a ransomware attack,” said Allan Liska, a ransomware expert at the cybersecurity firm Recorded Future.

    Liska, who also believes Lockbit was behind the hack, said ransomware gangs may not name and shame their victims when they are negotiating with them on the ransom demand.

    “This attack continues a trend of increasing brazenness by ransomware groups,” he said. “With no fear of repercussions, ransomware groups feel no target is off limits.”

    Rash of cybercrime

    US authorities have struggled to curb a rash of cybercrime, chiefly ransomware actors, who hit hundreds of companies in nearly every industry annually. Just last week US officials said they were working on curtailing the funding routes of ransomware gangs by improving information-sharing on such criminals across a 40-country alliance that includes South Africa.

    The ICBC did not comment on whether Lockbit was behind the hack. It is common for victim organisations to refrain from publicly disclosing the names of cybercrime gangs.

    Read: Ransomware attacks: how South African companies should respond

    Since Lockbit was discovered in 2020, the group has hit 1 700 US organisations, according to the US Cybersecurity and Infrastructure Security Agency. Last month it threatened Boeing with a leak of sensitive data it said it had found by breaching the company.

    While market sources said the impact of the hack appeared limited, it signalled how vulnerable systems at large organisations such as the bank continue to be to cybercriminals. Thursday’s incident is likely to raise questions over market participants’ cybersecurity controls and draw regulatory scrutiny.

    ICBC said it had successfully cleared US treasury trades executed on Wednesday and repurchase agreements (repo) financing trades done on Thursday.

    “In general, the event had a limited impact on the market,” said Scott Skrym, executive vice president for fixed income and repo at broker-dealer Curvature Securities.

    Some market participants said trades going through ICBC were not settled due to the attack and affected market liquidity. It was not clear whether this contributed to the weak outcome of a 30-year bond auction on Thursday.

    “There could have been maybe some technical issues with some participants not being able to access the market fully on the day,” said Michael Gladchun, associate portfolio manager, core plus fixed income, at Loomis Sayles.

    Read: Boeing hit by ransomware gang

    The Financial Times reported earlier on Thursday that the US Securities Industry and Financial Markets Association told members that ICBC had been hit by ransomware that disrupted the US treasury market by preventing it from settling trades on behalf of other market players.

    Read: 40 countries vow not to pay ransomware attackers

    “We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a treasury spokesperson said in a response to a question about the FT report.

    The treasury market appeared to be functioning normally on Thursday, according to LSEG data.  — Urvi Dugar and Pete Schroder, with Gertrude Chavez, Davide Barbuscia, Carolina Mandl and Paritosh Bansal, (c) 2023 Reuters

    Get breaking news alerts from TechCentral on WhatsApp



    ICBC LockBit Michael Gladchun
    Subscribe to TechCentral Subscribe to TechCentral
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleCybercrime trends to watch out for in 2024
    Next Article TFG online sales now 10% of total

    Related Posts

    Notorious ransomware group gets a taste of its own medicine

    9 May 2025

    LockBit ransomware gang’s power diminished but not eradicated

    19 March 2024

    Smashing a criminal enterprise – inside the Lockbit ransomware takedown

    21 February 2024
    Company News

    What you need to know about TCL’s stunning new C6K QD-Mini LED TV series

    21 May 2025

    CFOs don’t need superpowers, just the right tools – enter SynergERP

    21 May 2025

    SA partner marketers call for skills investment despite rising budgets

    21 May 2025
    Opinion

    Solar panic? The truth about SSEG, fines and municipal rules

    14 April 2025

    Data protection must be crypto industry’s top priority

    9 April 2025

    ICT distributors must embrace innovation or risk irrelevance

    9 April 2025

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    © 2009 - 2025 NewsCentral Media

    Type above and press Enter to search. Press Esc to cancel.