China’s ICBC, the world’s biggest bank, hit by cyberattack that reportedly disrupted Treasury markets
A pedestrian walks pass a branch of Industrial & Commercial Bank of China (ICBC) in Fuzhou, Fujian province of China.
VCG | Getty Images
The U.S. financial services division of Chinese bank ICBC was hit with a cyberattack that reportedly disrupted the trading of Treasurys.
Industrial and Commercial Bank of China, the world’s largest lender by assets, said Thursday that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems.
Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the state-owned bank said.
Ransomware is a type of cyberattack. It involves hackers taking control of systems or information and only letting them go once the victim has paid a ransom. It’s a type of attack that has seen an explosion in popularity among bad actors in recent years.
ICBC did not reveal who was behind the attack but said it has been “conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts.”
The Chinese bank also said it is working with law enforcement.
ICBC said it “successfully cleared” U.S. Treasury trades executed Wednesday and repo financing trades done on Thursday. A repo is a repurchase agreement, a type of short-term borrowing for dealers in government bonds.
However, multiple news outlets reported there was disruption to U.S. Treasury trades. The Financial Times, citing traders and banks, said Friday that the ransomware attack prevented the ICBC division from settling Treasury trades on behalf of other market participants.
The U.S. Treasury Department told CNBC: “We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”
ICBC said the email and business systems of its U.S. financial services arm operate independently of ICBC’s China operations. The systems of its head office, the ICBC New York branch, and other domestic and overseas affiliated institutions were not affected by the cyberattack, ICBC said.
What did the Chinese government say?
Wang Wenbin, spokesperson for China’s Ministry of Foreign Affairs, said Friday that ICBC is striving to minimize the impact and losses after the attack, according to a Reuters report.
Speaking at a regular news conference, Wang said ICBC has paid close attention to the matter and has handled the emergency response and supervision well, according to Reuters.
What do we know about the ransomware attack?
Nobody has claimed responsibility for the attack yet and ICBC has not said who might be behind the attack.
In the cybersecurity world, finding out who is behind a cyberattack is often very difficult due to the techniques hackers use to mask their locations and identities.
But there are clues about what kind of software was used to carry out the attack.
Marcus Murray, founder of Swedish cybersecurity firm Truesec, said the ransomware used is called LockBit 3.0. Murray said this information has come from sources with relations to Truesec, but was unable to reveal who those sources are due to confidentiality reasons. The Financial Times reported, citing two sources, that LockBit 3.0 was the software behind the attack too. CNBC was unable to independently verify the information.
This kind of ransomware can make its way into an organization in many ways. For example, by someone clicking on a malicious link in an email. Once in, its aim is to extract sensitive information about a company.
VMWare cybersecurity team said in a blog last year that LockBit 3.0 is a “challenge for security researchers because each instance of the malware requires a unique password to run without which analysis is extremely difficult or impossible.” The researchers added that the ransomware is “heavily protected” against analysis.
The U.S. government’s Cybersecurity and Infrastructure Security Agency calls LockBit 3.0 “more modular and evasive,” making it harder to detect.
LockBit is the most popular strain of ransomware, accounting for around 28% of all known ransomware attacks from July 2022 to June 2023, according to data from cybersecurity firm Flashpoint.
What is LockBit?
The LockBit is the group behind the software. Its business model is known as “ransomware-as-a-service.” It effectively sells its malicious software to other hackers, known as affiliates, who then go on to carry out the cyberattacks.
The leader of the group goes by the online name of “LockBitSup” on dark web hacking forums.
“The group primarily posts in Russian and English, but according to its website, the group claims to be located in the Netherlands and to not be politically motivated,” Flashpoint said in a blogpost.
The group’s malware is known to target small and medium-sized businesses.
LockBit has previously claimed responsibility for ransomware attacks on Boeing and the U.K’s. Royal Mail.
In June, the U.S. Department of Justice charged a Russian national for his involvement in “deploying numerous LockBit ransomware and other cyberattacks” against computers in the U.S., Asia, Europe and Africa.
“LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving at least as much as tens of millions of dollars in actual ransom payments made in the form of bitcoin,” the DOJ said in a press release in June.
— CNBC’s Steve Kopack contributed to this article.
Waymo self-driving cars with roof-mounted sensor arrays traveling near palm trees and modern buildings along the Embarcadero, San Francisco, California, February 21, 2025.
Smith Collection/gado | Archive Photos | Getty Images
Alphabet‘s Waymo is bringing its driverless ride-hailing services to London, the first European market for its robotaxi.
The company said in a release on Wednesday that it plans to start test drives on London’s roads in coming months, with human safety specialists at the wheel. It intends to open its robotaxi service next year, assuming it can get permissions from regulators as well as local and national leaders.
London will mark the company’s second international city after Tokyo, where testing began in early 2025.
Waymo has been aggressively expanding in the U.S., and now offers a commercial service in the Los Angeles area, Phoenix, San Francisco, Atlanta and Austin, Texas. The company has also announced plans to start robotaxi services in Miami and Washington, D.C., and said in August that it obtained permits to begin testing its autonomous vehicles with trained safety drivers on board in New York City.
In London, Waymo’s fleet will be comprised of Jaguar iPACE electric vehicles equipped with the company’s Waymo Driver autonomous systems. Waymo said it already employs engineering teams in Oxford and London, and that it plans to work with Moove to handle operations and maintenance for its fleet.
Moove provides vehicle financing to drivers who want to purchase a new vehicle for ride-hailing, and offers services like cleaning, some repairs and charging of electric vehicles to transportation businesses including Waymo and Uber, which is an investor in the startup.
In June, the U.K. announced an accelerated framework for commercial pilots by AV ventures, an effort to bring self-driving investments to the region. London also established a “Vision Zero” goal earlier this year to eliminate all serious injuries and deaths in its transportation systems by 2041.
Waymo says its system “is involved in five times fewer injury-causing collisions, and twelve times fewer injury-causing collisions with pedestrians compared to humans,” according to the company’s analysis of its own data.
The company has also reported that its self-driving vehicles have logged 100 million “fully autonomous miles” on public roads, and provided more than 10 million paid rides to passengers to-date.
Waymo is part of Alphabet’s “Other Bets” segment, which brought in revenue of $373 million in the second quarter on a loss of $1.25 billion. Alphabet plans to report third-quarter results on Oct. 29.
Wayve, a U.K.-based startup backed by SoftBank and Microsoft, previously announced that it plans to bring a robotaxi commercial pilot to London next year. While Waymo uses radar, lidar and other sophisticated sensors in its vehicles, Wayve is developing camera-based systems, an approach that’s similar to Tesla’s pursuits.
— CNBC’s Jennifer Elias contributed to this report.
-
Sports3 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports2 years agoStory injured on diving stop, exits Red Sox game
-
Sports2 years agoGame 1 of WS least-watched in recorded history
-
Sports3 years agoButton battles heat exhaustion in NASCAR debut
-
Sports3 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports4 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment1 year agoHere are the best electric bikes you can buy at every price level in October 2024