The US trading arm of the Industrial and Commercial Bank of China (ICBC) has reportedly fallen victim to a ransomware attack, resulting in trades being conducted through messengers carrying USB thumb drives across Manhattan. The attack occurred on November 8, 2023, and ICBC is currently conducting a thorough investigation into the incident. The bank, considered the world’s largest, is believed to have been targeted by the LockBit ransomware gang, which has previously attacked major organizations such as Accenture, Continental, and the UK’s Royal Mail. Fortunately, the affected systems are isolated from ICBC’s head office, and overseas units remain unaffected.
However, it has been revealed that ICBC Financial Services failed to patch its Citrix NetScaler Gateway appliance against the critical Citrix Bleed vulnerability, which allows hackers to bypass authentication and gain access to corporate systems. This vulnerability has been actively exploited for weeks in attacks against unpatched government networks and corporations worldwide.
Key Points:
1. The US trading arm of ICBC has been hit by a ransomware attack, resulting in trades being conducted through messengers carrying USB thumb drives.
2. The attack occurred on November 8, 2023, and ICBC is currently conducting a thorough investigation into the security incident.
3. The LockBit ransomware gang, linked to Russia, is believed to be responsible for the attack on ICBC.
4. ICBC Financial Services failed to patch its Citrix NetScaler Gateway appliance against the critical Citrix Bleed vulnerability, which allows hackers to bypass authentication and gain access to corporate systems.
5. The same vulnerability has been actively exploited in attacks against unpatched government networks and corporations worldwide.