The Cyber Attack Stalling ICBC America’s Transactions

ICBC America Cyber Attack

Today, the Financial Times reported that the American branch of the Industrial and Commercial Bank of China has suffered a cyber attack, resulting in the bank’s inability to settle a substantial volume of transactions. As of this moment, the bank has yet to issue a statement confirming the incident or its repercussions.

An emergency notice shared by the security research organization vx-underground, addressed to stock traders, states, “ICBC is currently unable to connect to DTCC/NSCC. This issue is impacting all of ICBC’s clearing customers, including [censored]. Because of this, [censored] is temporarily suspending all inbound FIX connections and not accepting orders at this time. We are in close touch with ICBC and will advise as soon as the issue is resolved. We are exploring all avenues to clear all 11/8 trades and will provide updates as they become available.”

A spokesperson for the U.S. Treasury Department said, “We are aware of the cyber security issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”

Security expert Kevin Beaumont noted that ICBC’s Citrix servers were last online on Monday, had not been patched for an actively exploited security vulnerability known as “Citrix Bleed,” and are now offline.

“It allows complete, easy bypass of all forms of authentication and is being exploited by ransomware groups. It is as simple as pointing and clicking your way inside orgs – it gives attackers a fully interactive Remote Desktop PC the other end,” Beaumont explained.