A pedestrian walks past a branch of Industrial & Commercial Bank of China (ICBC) in Fuzhou, Fujian province of China.
The U.S. financial services division of Chinese bank ICBC was hit with a cyberattack that reportedly disrupted the trading of Treasurys.
Industrial and Commercial Bank of China, the world’s largest lender by assets, said Thursday that its financial services arm, called ICBC Financial Services, experienced a ransomware attack “that resulted in disruption to certain” systems.
Immediately after discovering the hack, ICBC “isolated impacted systems to contain the incident,” the state-owned bank said.
Ransomware is a type of cyberattack. It involves hackers taking control of systems or information and only letting them go once the victim has paid a ransom. It’s a type of attack that has seen an explosion in popularity among bad actors in recent years.
ICBC did not reveal who was behind the attack but said it has been “conducting a thorough investigation and is progressing its recovery efforts with the support of its professional team of information security experts.”
The Chinese bank also said it is working with law enforcement.
ICBC said it “successfully cleared” U.S. Treasury trades executed Wednesday and repo financing trades done on Thursday. A repo is a repurchase agreement, a type of short-term borrowing for dealers in government bonds.
However, multiple news outlets reported there was disruption to U.S. Treasury trades. The Financial Times, citing traders and banks, said Friday that the ransomware attack prevented the ICBC division from settling Treasury trades on behalf of other market participants.
The U.S. Treasury Department told CNBC: “We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation.”
ICBC said the email and business systems of its U.S. financial services arm operate independently of ICBC’s China operations. The systems of its head office, the ICBC New York branch, and other domestic and overseas affiliated institutions were not affected by the cyberattack, ICBC said.
What did the Chinese government say?
Wang Wenbin, spokesperson for China’s Ministry of Foreign Affairs, said Friday that ICBC is striving to minimize the impact and losses after the attack, according to a Reuters report.
Speaking at a regular news conference, Wang said ICBC has paid close attention to the matter and has handled the emergency response and supervision well, according to Reuters.
What do we know about the ransomware attack?
Nobody has claimed responsibility for the attack yet and ICBC has not said who might be behind the attack.
In the cybersecurity world, finding out who is behind a cyberattack is often very difficult due to the techniques hackers use to mask their locations and identities.
But there are clues about what kind of software was used to carry out the attack.
Marcus Murray, founder of Swedish cybersecurity firm Truesec, said the ransomware used is called LockBit 3.0. Murray said this information has come from sources with relations to Truesec, but was unable to reveal who those sources are due to confidentiality reasons. The Financial Times reported, citing two sources, that LockBit 3.0 was the software behind the attack too. CNBC was unable to independently verify the information.
This kind of ransomware can make its way into an organization in many ways, for example by someone clicking on a malicious link in an email. Once in, its aim is to extract sensitive information about a company.
VMware's cybersecurity team said in a blog post last year that LockBit 3.0 is a “challenge for security researchers because each instance of the malware requires a unique password to run without which analysis is extremely difficult or impossible.” The researchers added that the ransomware is “heavily protected” against analysis.
The U.S. government’s Cybersecurity and Infrastructure Security Agency calls LockBit 3.0 “more modular and evasive,” making it harder to detect.
LockBit is the most popular strain of ransomware, accounting for around 28% of all known ransomware attacks from July 2022 to June 2023, according to data from cybersecurity firm Flashpoint.
What is LockBit?
LockBit is the group behind the software. Its business model is known as “ransomware-as-a-service.” It effectively sells its malicious software to other hackers, known as affiliates, who then go on to carry out the cyberattacks.
The leader of the group goes by the online name of “LockBitSup” on dark web hacking forums.
“The group primarily posts in Russian and English, but according to its website, the group claims to be located in the Netherlands and to not be politically motivated,” Flashpoint said in a blogpost.
The group’s malware is known to target small and medium-sized businesses.
LockBit has previously claimed responsibility for ransomware attacks on Boeing and the U.K.’s Royal Mail.
In June, the U.S. Department of Justice charged a Russian national for his involvement in “deploying numerous LockBit ransomware and other cyberattacks” against computers in the U.S., Asia, Europe and Africa.
“LockBit actors have executed over 1,400 attacks against victims in the United States and around the world, issuing over $100 million in ransom demands and receiving at least as much as tens of millions of dollars in actual ransom payments made in the form of bitcoin,” the DOJ said in a press release in June.
— CNBC’s Steve Kopack contributed to this article.
A Xiaomi store in Shanghai, China, on March 16, 2025.
Chinese electric carmakers Xiaomi, Xpeng and Leapmotor each delivered nearly 30,000 or more cars in March, roughly twice as many as several of their fellow startup competitors.
It’s a sign of how some automakers are pulling ahead, while BYD remains the market leader by far.
Xiaomi delivered a record number of electric vehicles in March, exceeding 29,000 units, the company announced on social media. That topped its prior run of delivering more than 20,000 vehicles in each of the past five months.
The SU7, Xiaomi’s flagship model, was involved in a crash on a highway on Tuesday that left three dead. The automaker on Tuesday afternoon released a statement on Chinese social media that the vehicle was in navigation on autopilot mode before the accident.
Based on preliminary information, the road was obstructed because of construction. The driver took control of the car but collided with construction infrastructure. Xiaomi added in the release that investigations were underway.
That came two weeks after the automaker announced on March 18 its goal to deliver 350,000 vehicles this year. There are also talks of the automaker expanding its second EV factory in Beijing to meet demand, Bloomberg reported on March 18. Xiaomi did not immediately respond to CNBC’s request for comment.
Its competitor Xpeng in March delivered 33,205 vehicles, the fifth consecutive month it has delivered over 30,000 units per month and reflecting a 268% surge in deliveries from the same month last year. March is also the fifth consecutive month the company has delivered over 15,000 units of the Mona M03.
Li Auto delivered 36,674 vehicles in March, a 26.5% year-over-year increase, but fewer than every month in the second half of 2024. The company’s cars had gained early traction with Chinese consumers since most come with a fuel tank for charging the vehicle’s battery, reducing anxiety about driving range.
BYD sold 371,419 passenger vehicles in March, reflecting a year-over-year growth of 57.9%. Its overseas sales volume also hit a record high of 72,723 units in March.
Across the board, major companies across China’s electric car industry reported deliveries rose last month, indicating a pick-up in demand from the seasonally soft first two months of the year.
U.S. automaker Tesla sold 78,828 electric vehicles in China in March, marking an 11.5% year-over-year decline in growth.
Other Chinese carmakers saw growth in deliveries but some still struggled to break through the 20,000-unit mark.
Nio delivered 15,039 vehicles, a 26.7% year-over-year growth, but well below the number of cars delivered in the months of May to December last year. Nio-owned Onvo, which markets its electric vehicles as family-oriented, in March recorded 15,039 units in deliveries.
Aito, as of April 2, has not published its delivery numbers for March. The automaker, which uses Huawei tech in its vehicles, on social media had reported monthly deliveries of 34,987 and 21,517 in January and February, respectively.
Quarterly performance
On a first-quarter basis, BYD remained in the lead with 986,098 vehicles sold. The automaker, which overtook Tesla in annual sales last year, surpassed the U.S. EV giant in battery electric vehicles sales this quarter.
Tesla sold 172,754 vehicles in China in the first quarter this year, according to monthly delivery numbers published by the China Passenger Car Association.
Xpeng also reported strong growth, with a total of 94,008 vehicles delivered in the quarter ending in March, reflecting a 331% year-over-year growth.
Leapmotor saw quarterly deliveries more than double to 87,552 units from 33,410 units the same period in 2024, according to publicly available numbers the company published.
However, Li Auto and Nio reported weaker growth than their competitors in the first quarter of the year.
Nio saw 42,094 vehicles delivered in the three months ended March 2025, an increase of 40.1% year over year. Li Auto saw a slower year-over-year growth of 15.5%, with a total of 92,864 vehicles delivered.
Wednesday’s announcement, which came alongside a set of sweeping new tariffs, gives customs officials, retailers and logistics companies more time to prepare. Goods that qualify under the de minimis exemption will be subject to a duty of either 30% of their value, or $25 per item. That rate will increase to $50 per item on June 1, the White House said.
Use of the de minimis provision has exploded in recent years as shoppers flock to Chinese e-commerce companies Temu and Shein, which offer ultra-low cost apparel, electronics and other items. The U.S. Customs and Border Protection has said it processed more than 1.3 billion de minimis shipments in 2024, up from over 1 billion shipments in 2023.
Critics of the provision say it provides an unfair advantage to Chinese e-commerce companies and creates an influx of packages that are “subject to minimal documentation and inspection,” raising concerns around counterfeit and unsafe goods.
The Trump administration has sought to close the loophole over concerns that it facilitates shipments of fentanyl and other illicit substances on the claims that the packages are less likely to be inspected by customs agents.
Temu and Shein have taken steps to grow their operations in the U.S. as the de minimis loophole has come under greater scrutiny. After onboarding sellers with inventory in U.S. warehouses, Temu recently began steering shoppers to those items on its website, allowing it to speed up deliveries. Shein opened distribution centers in states including Illinois and California in 2022, and a supply chain hub in Seattle last year.
Apple CEO Tim Cook, center, watches during the inauguration ceremonies for President Donald Trump, right, and Vice President JD Vance, left, in the rotunda of the U.S. Capitol in Washington, Jan. 20, 2025.
Apple slid more than 6% in late trading Wednesday and led a broader decline in tech stocks after President Donald Trump announced new tariffs of between 10% and 49% on imported goods.
The majority of Apple’s revenue comes from devices manufactured primarily in China and a handful of other Asian countries. Nvidia, which manufactures new chips in Taiwan and assembles its artificial intelligence systems in Mexico and elsewhere, fell about 4%, while electric vehicle company Tesla dropped 4.5%.
Across the rest of the megacap universe, Alphabet, Amazon and Meta all dropped between 2.5% and 5%, and Microsoft was down by almost 2%.
If Apple’s postmarket loss is matched in regular trading Thursday, it would be the steepest decline for the stock since September 2020.
Trump on Wednesday afternoon said the new taxes on imported goods would be a “declaration of economic independence” for the country. He announced a 10% blanket tariff on all imports, and higher duties for specific countries, including 34% for China, 20% for European nations, and 24% for Japanese imports, based on what tariffs they charge on U.S. exports, Trump said.
“We will supercharge our domestic industrial base, we will pry open foreign markets and break down foreign trade barriers,” Trump said during his speech. “Ultimately, more production at home will mean stronger competition and lower prices for consumers.”
During his speech, Trump praised Apple, Meta, and Nvidia for spending money and investing in the United States.
“Apple is going to spend $500 billion, they never spent money like that here,” Trump said. “They’re going to build their plants here.”
The Nasdaq just wrapped up its worst quarter since 2022, dropping 10% in the first three months of the year, though the tech-heavy index rose in each of the first two days of the second quarter.