The US trading arm of the Industrial and Commercial Bank of China (ICBC) has been hit by a ransomware attack that reportedly forced it to handle trades via messengers carrying USB thumb drives across Manhattan.
A notice on the ICBC Financial Services website confirmed that its systems were disrupted on November 8, 2023, that it is “conducting a thorough investigation” into the security incident, and that it has informed relevant authorities.
ICBC, the world’s biggest bank, is believed to have been attacked by the Russia-linked LockBit ransomware gang, which has numbered the likes of IT giant Accenture, the German auto parts firm Continental, and the UK’s Royal Mail amongst its many past victims.
According to the company, the affected systems are isolated from ICBC’s head office, and overseas units are not impacted.
Security researcher Kevin Beaumont posted on Mastodon that ICBC Financial Services had not patched its Citrix NetScaler Gateway appliance against the critical Citrix Bleed vulnerability (CVE-2023-4966), which Citrix issued a fix for last month.
The vulnerability is considered particularly serious because it can be exploited to let hackers easily bypass authentication, opening avenues for ransomware groups to break into corporate systems.
The same Citrix Bleed vulnerability has been actively exploited for weeks in attacks against unpatched government networks and corporations.