Ransomware Attack on China’s ICBC Disrupts Treasury Market Trading

The Industrial and Commercial Bank of China Limited (ICBC) logo is seen at its branch in Beijing, China on March 30, 2016. REUTERS/Kim Kyung-Hoon/File Photo Get license rights

Nov 9 (Reuters) – A U.S. Treasury note disrupted some trading on Thursday, but the impact was limited, market sources said.

ICBC Financial Services said in a statement that the ransomware attack had disrupted some systems and that it was conducting an investigation and “advancing its recovery efforts”.

The bank said the treasury trades executed on Wednesday and the repurchase agreements (repo) executed on Thursday have successfully completed the financial trades.

“In general, this event had a minimal impact on the market,” said Scott Schrim, executive vice president of fixed income and repos at broker-dealer Curvature Securities.

In ransomware attacks, hackers encrypt a company’s systems and demand a ransom in exchange for unlocking them. It was not immediately clear who was behind the attack.

Bloomberg reported later Thursday that a major criminal group known as Lockbit with ties to Russia was suspected of masterminding the hack, citing people familiar with the situation.

While ransomware attacks have been on the rise in various sectors in recent years, they have rarely disrupted a major financial market. Thursday’s incident raises questions about market participants’ cybersecurity controls and could subject them to regulatory scrutiny.

Some market participants said trades through ICBC, China’s largest commercial lender by assets, were not settled because of the attack, affecting market liquidity. It’s unclear whether that contributed to the weak outcome of Thursday’s 30-year bond auction.

“There may have been some technical issues that prevented some participants from fully accessing the market that day,” said Michael Klatshun, associate portfolio manager for core plus fixed income at Loomis Sayles.

See also  2023 Detroit Lions UTFA Tracker

The Financial Times earlier on Thursday told members of the U.S. Securities Industry and Financial Markets Association (SIFMA) that ICBC ( 601398.SS ) had been affected by ransomware, which disrupted trading on behalf of other markets and disrupted the U.S. Treasury market. Players.

“We are aware of the cyber security issue and are in regular contact with key financial sector participants in addition to federal regulators. We continue to monitor the situation,” a Treasury spokesperson said in response to a question about the FT report. SIFMA declined to comment.

According to LSEG data, the Treasury market appeared to be performing normally on Thursday.

According to data site Statista, global organizations detected 493.33 million ransomware attack attempts last year. According to the Financial Services Information Sharing and Analysis Center, Lockbit was the dominant ransomware operator throughout 2022.

Reporting by Urvi Dughar in Bangalore and Pete Schroeder in Washington; Additional reporting by Zeba Siddiqui and Gertrude Chavez, Davide Barbuscia, Carolina Mandl, Paritosh Bansal; Editing by Diane Croft and Stephen Coates

Our Standards: Thomson Reuters Trust Principles.

Get license rightsOpens a new tab

The Reuters Washington bureau covers financial regulation and policy, with a particular focus on banking regulators. Covering economic and financial policy in the US capital for 15 years. Previous experience includes roles at The Hill newspaper and The Wall Street Journal. He earned a master’s degree in journalism from Georgetown University and a bachelor’s degree from the University of Notre Dame.

Leave a Reply

Your email address will not be published. Required fields are marked *