US arm of China’s ICBC bank hit by ransomware attack

10 Nov 2023

Image: © Tobias Arhelger/

A spokesperson for the foreign ministry of China said ICBC was working on minimising the impact of the ransomware attack.

The US arm of one of China’s biggest banks has become the latest victim of a ransomware attack, disrupting trades in the US treasury market.

ICBC Financial Services, a unit of the Industrial and Commercial Bank of China (ICBC) in the US, said it is investigating a ransomware attack that disrupted some of its systems, according to multiple media reports.

Wang Wenbin, a spokesperson for the foreign ministry of China, told a news conference that the ICBC is trying to minimise the impact of the attack.

“ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” the spokesperson said.

A commercial bank owned by the Chinese state, ICBC is the largest bank in China by market capitalisation and one of the largest in the world. The latest ransomware attack only affects the US wing of its international operations.

Camellia Chan, CEO and co-founder of Flexxon, said that the attack on ICBC shows that “no organisation is ever safe” from the threat of ransomware.

“Both old and new gangs and threat actors are always plotting their next move. In fact, ransomware had a record month in September,” Chan explained.

“And we all know the consequences can be disastrous. Just look at Moveit from earlier this year – cybercriminals accessed data from a whole host of businesses and governments, including Shell and the US Department of Energy, and is still being felt today.”

First reported on in June, the global Moveit breach, in which hackers exploited a zero-day vulnerability in the file transfer software, affected companies and government agencies on both sides of the Atlantic, including banks, universities, insurance and healthcare providers.

Microsoft attributed the hack exploiting the Moveit zero-day vulnerability to Lace Tempest, a reportedly Russian-speaking cybercrime group known for similar ransomware operations and running the Clop extortion site.

While the ICBC attack has already disrupted trades in the US treasury market, Chan wonders if the “damage will stop there”.

“The good news is, it appears the bank acted swiftly by isolating affected systems, and investigations are ongoing – but this will no doubt shake organisations across the globe,” she went on.

“To meet the fast-evolving threat landscape, organisations need to be proactive in recognising security gaps and must address those with innovative, proven solutions at both the software and the hardware layer.”

According to Bloomberg, the ICBC attack can be traced to ransomware group LockBit, which earlier this year took responsibility for a data breach affecting one of the largest dental care and oral health insurance providers in the US, affecting 9m people.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain is a journalist with Silicon Republic