The biggest bank in the world faced a major challenge on Thursday when its U.S. division, Industrial & Commercial Bank of China Ltd., encountered a cyberattack. The attack affected the unit’s ability to process a significant portion of U.S. Treasury trades. To cope, the bank resorted to an unconventional method, transferring essential settlement information via a USB stick carried by a messenger, due to the system disconnecting from entities involved in settling transactions.
The cyberattack, allegedly from the Lockbit criminal group with ties to Russia, led to immediate disruptions. Market participants, including banks and brokerages, had to redirect trades, uncertain of when normal access would resume. This incident highlights a significant concern for bank leaders—the looming threat of a cyber attack capable of disrupting the financial system, prompting calls for increased vigilance.
Following the attack, the bank’s Beijing headquarters urgently convened with its U.S. division, informing regulators and considering seeking assistance from China’s Ministry of State Security to mitigate risks in other units. The bank confirmed a ransomware attack that disrupted systems at its ICBC Financial Services unit but clarified that its head office and other overseas branches remained unaffected.
Although the full extent of the disruption wasn’t immediately evident, the liquidity in the Treasury market reportedly faced some impact. The attack affected a unit dealing with fixed-income clearing, Treasuries repo lending, and certain equities securities lending, which held $23.5 billion in assets by the end of 2022.
This cyber incident follows a trend of disruptions within the global financial system, reflecting the increasing challenges posed by cyber threats as online transactions and banking technology continue to expand. The attack on ICBC, the world’s largest bank by assets, underscores the pressing need for enhanced cybersecurity measures in the financial sector.