Cybersecurity Incident Disrupts Operations at ICBC FS in the U.S.

This notice serves to inform that ICBC FS, the U.S. division of a major financial institution from China, recently experienced a cybersecurity incident resulting in operational disruptions. The incident, classified as a ransomware attack, has compelled clients to redirect trades and has had an impact on the U.S. Treasury market. Ransomware attacks typically involve unauthorized access to vulnerable computer systems, followed by data encryption or theft. Subsequently, a ransom note is issued, demanding payment in exchange for decrypting or not publicly releasing the compromised data. ICBC FS has promptly responded to the incident by isolating and disconnecting the affected systems in order to contain and mitigate the situation. An investigation is currently underway, and efforts are being made to restore normal operations. Despite the incident, ICBC FS has successfully processed U.S. Treasury trades executed on Wednesday and repurchasing (repo) financing trades on Thursday. Notably, some trades were manually relayed with settlement details using USB sticks transported across Manhattan. The Chinese foreign ministry has assured that the business and office systems of ICBC's head office, as well as their domestic and foreign branches and subsidiaries, remain unaffected and fully operational. ICBC has taken immediate action, efficiently handling the situation, implementing emergency protocols, and ensuring effective communication and supervision to minimize any potential risks and losses. Media reports suggest that the attack was carried out using software associated with the Lockbit hacking group, known for encrypting files and demanding cryptocurrency payments for their release. Lockbit has previously targeted various organizations worldwide, including critical infrastructure and industrial groups. ICBC FS's incident serves as a reminder of the ongoing challenges posed by cybersecurity threats, and organizations are encouraged to remain vigilant and continuously strengthen their security measures. [Note: The notice concludes here within the maximum word limit of 250 words.]