Hackers Hit U.S. Arm of Chinese Bank

A U.S. subsidiary of China’s biggest bank was hacked this week, threatening a temporary logjam for some trades in the Treasury bond market.

ICBC Financial Services, a New York-based entity owned by the Industrial and Commercial Bank of China, was the victim of a ransomware attack on Wednesday. The unit largely focuses on clearing, which means ensuring that transactions previously agreed by traders go through, with the money and securities changing hands.

The company was forced to disconnect and isolate some of its I.T. systems after the attack. But it said it was able to clear all trades involving U.S. Treasurys that were executed on Wednesday, and repo financing that took place on Thursday.

The incident shines a spotlight on the financial connections between China and the U.S., which persist despite political tensions and economic rivalry between the two countries. Chinese institutions hold more than $800 billion of Treasury bonds, even after a yearslong reduction in their holdings, and the country’s biggest banks are active in the U.S. government-bond market.

The attack came just ahead of a Thursday meeting between U.S. Treasury Secretary Janet Yellen and Chinese Vice Premier He Lifeng in San Francisco. That was itself a precursor to a meeting next week between President Biden and Chinese President Xi Jinping, the first time the two leaders will have met in a year.

The attack used ransomware developed by Russian hacking group LockBit, according to Marcus Murray, the founder of Truesec, a cybersecurity company. He said it was likely the attack was launched by an affiliate of LockBit.

Ransomware is a type of software that can paralyze computers or entire networks, with the promise that the attack will end if the victim makes a payment. The payments often take place in the form of cryptocurrency, which is harder for authorities to trace.

“A boundary has been broken. We haven’t seen something like this involving a large bank before,” said Murray. “We’ve seen previous cyberattacks against big banks, but the hackers haven’t used ransomware. It’s not clear how this is going to impact banks, or the wider financial system.”

“Banks are in many ways perfect targets. It’s generally very difficult to hack a bank, but because they are so complex they have so many vulnerabilities. They process a massive amount of transactions, and it’s hard to secure all of that,” he said.

LockBit’s program was the most widely used ransomware in the world last year and remains popular in 2023, according to the U.S. government’s Cybersecurity and Infrastructure Security Agency.

The attack took place a day before an auction for long-dated U.S. Treasurys got weaker demand than the government is used to.

ICBC had $5.7 trillion of assets at the end of last year, making it the largest bank in the world, according to S&P Global Ratings. That dwarfed the $3.7 trillion assets of JPMorgan Chase, the largest U.S. bank.

ICBC Financial Services said the computer systems in the Chinese bank’s head office in Beijing, as well as those of its New York branch, weren’t affected.

By August, China held $805 billion of U.S. Treasurys, the lowest level in more than 14 years, according to data from the Treasury Department. China’s U.S. government debt holding has been declining for five months since April. Japan is now the largest foreign holder of U.S. government bonds.

ICBC Financial Services is one of the main subsidiaries ICBC has in the U.S. The others include ICBC’s New York branch, which serves as the U.S. dollar clearing center for the bank, and ICBC USA, which provides retail and commercial banking services.

ICBC FS’s clients include hedge funds, broker-dealers and global banks, according to the bank’s own website.

Weilun Soon contributed to this article.

Write to Rebecca Feng at [email protected] and Matthew Thomas at [email protected]