ICBC Hackers Used Methods Previously Flagged by U.S. Authorities

Subscribe to a bundle to unlock all coverage by Caixin Global and the WSJ.

By Justin Baer and Andrew Duehren

(The Wall Street Journal) — The hackers who infiltrated the New York arm of the 

Industrial and Commercial Bank of China and disrupted trading in the U.S. Treasury market appeared to exploit three vulnerabilities that had been flagged by U.S. officials earlier this year.

In an email sent to financial-services executives and trade groups Monday that was viewed by The Wall Street Journal, Treasury officials said that the ICBC attack stemmed from Lockbit 3.0 ransomware and two tactics that target users of services managed by Citrix, a cloud-computing company.  

In March, the FBI and the Department of Homeland Security had highlighted the risks posed by the Lockbit ransomware. And the Cybersecurity and Infrastructure Security Agency had warned companies about the Citrix vulnerabilities in recent weeks.