{
	"id": "6ab06ea2-0bcc-4624-a873-c07d44982f42",
	"created_at": "2026-04-06T00:08:56.720628Z",
	"updated_at": "2026-04-10T13:11:45.193235Z",
	"deleted_at": null,
	"sha1_hash": "3555e914365c23b3d6b8203dbcbf3b666267557f",
	"title": "Industrial and Commercial Bank of China dealing with LockBit ransomware attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 73065,
	"plain_text": "Industrial and Commercial Bank of China dealing with LockBit\r\nransomware attack\r\nBy Jonathan Greig\r\nPublished: 2023-11-09 · Archived: 2026-04-05 23:17:21 UTC\r\nOne of the world’s largest banks is dealing with a ransomware attack, according to media reports on Thursday.\r\nThe Financial Times first reported that the state-owned Industrial and Commercial Bank of China (ICBC) —\r\nChina’s biggest, with revenues of $214.7 billion in 2022 — was hit with ransomware this week.\r\nThe Securities Industry and Financial Markets Association, a trade group representing securities firms, banks, and\r\nasset management companies, reportedly sent a message to its members about the incident after certain trades on\r\nthe U.S. Treasury market were unable to clear.\r\nICBC, the Securities Industry and Financial Markets Association and the U.S. Treasury Department did not\r\nrespond to requests for comment.\r\nSources told Financial Times that the LockBit ransomware gang was behind the attack. The group has carried out\r\nseveral large attacks on governments, companies and organizations throughout 2023, far outpacing any other\r\nransomware gang currently operating.\r\nBloomberg reported that the bank told several clients that a cybersecurity issue would require them to reroute\r\nsome trades. ICBC said the attack started on Wednesday evening, the outlet reported.\r\nSeveral cybersecurity researchers said reports of the attack had been floating around for days. Experts at the\r\nmalware research platform vx-underground said they were informed of equity traders who were unable to place\r\ntrades or clear previous ones through ICBC.\r\nThe bank allegedly sent out an emergency notice saying the incident is “impacting all of ICBC’s clearing\r\ncustomers” and that due to the attack, they were temporarily not accepting orders.\r\nCybersecurity expert Kevin Beaumont shared a Shodan search showing that ICBC had a Citrix Netscaler box that\r\nwas unpatched for CVE-2023-4966 — a bug known by experts as “CitrixBleed” that affects NetScaler ADC and\r\nNetScaler Gateway appliances. The products are used by companies to manage network traffic.\r\nBeaumont said the box is now removed from the internet but noted that ransomware gangs are exploiting the issue\r\nbecause it “allows complete, easy bypass of all forms of authentication.” More than 5,000 organizations have yet\r\nto patch the vulnerability, he added.\r\n“It is as simple as pointing and clicking your way inside orgs - it gives attackers a fully interactive Remote\r\nDesktop PC the other end,” Beaumont explained.\r\nhttps://therecord.media/icbc-dealing-with-ransomware-attack\r\nPage 1 of 3\n\nJon Miller, CEO of Halcyon, told Recorded Future News that the alleged attack on ICBC “has the potential to\r\nhave a serious impact on worldwide financial markets, as US Treasuries are central to the global banking and\r\nfinance system.”\r\n“Critical infrastructure providers like the financial, manufacturing, healthcare and energy sectors remain top\r\ntargets for ransomware operators because the pressure to quickly resolve the attacks and resume operations\r\nincreases the chances victim organizations will pay the ransom demand,” he said.\r\nNo previous article\r\nNo new articles\r\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nhttps://therecord.media/icbc-dealing-with-ransomware-attack\r\nPage 2 of 3\n\nSource: https://therecord.media/icbc-dealing-with-ransomware-attack\r\nhttps://therecord.media/icbc-dealing-with-ransomware-attack\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/icbc-dealing-with-ransomware-attack"
	],
	"report_names": [
		"icbc-dealing-with-ransomware-attack"
	],
	"threat_actors": [],
	"ts_created_at": 1775434136,
	"ts_updated_at": 1775826705,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3555e914365c23b3d6b8203dbcbf3b666267557f.pdf",
		"text": "https://archive.orkl.eu/3555e914365c23b3d6b8203dbcbf3b666267557f.txt",
		"img": "https://archive.orkl.eu/3555e914365c23b3d6b8203dbcbf3b666267557f.jpg"
	}
}