A cybercrime organisation says it is responsible for disruption experienced yesterday in the crucial market for US government debt, according to a Reuters report.
China’s largest commercial lender, the Industrial and Commercial Bank of China (ICBC), was hit by a ransomware attack, which involves computer systems being hijacked by criminals until a demand for money is paid.
ICBC helps to settle trades between investors in the US Treasury market, one of the biggest markets in the world, and the cyber attack disrupted these operations.
China is a significant owner of US government debt and the attack raised concern about liquidity in the market after ICBC was left unable to settle Treasury trades on behalf of other market participants.
US Treasuries are critical to the global financial system. The bonds are used as a benchmark for the American economy and influence borrowing costs faced by businesses and individuals worldwide.
According to Bloomberg, ICBC was forced to work around the hack by sending settlement details on a USB stick using a courier service.
Lockbit’s signature ransomware scrambles files on computers and flashes up a message demanding payment in hard-to-trace cryptocurrencies as the price for unscrambling them again.
The gang is known to engage in so-called “double extortion” tactics where they steal copies of files and ransom them back to the victims.
Earlier this year Lockbit criminals demanded £66m from Royal Mail after targeting the postal operator. Bosses stood firm and refused to pay, instead rebuilding the affected computer systems from the ground up.
Eventually Lockbit dumped data relating to 200 Royal Mail employees on the dark web. The stolen information appeared to be several years old, cyber security sources said.
Separately, magic circle law firm Allen & Overy was on Thursday investigating an apparent cyber attack.
The elite City firm confirmed on Thursday that it had experienced a “data incident impacting a small number of storage servers”.
Posts on Twitter claimed Allen & Overy had been attacked by Lockbit, a gang of Russia-linked hackers which threatened to publish stolen data on Nov 28.
A spokesman for Allen & Overy said: “As a matter of priority, we are assessing exactly what data has been impacted, and we are informing affected clients.”
Initial investigations have confirmed that the breach did not affect data held in the firm’s core computer systems, including emails and document management system.
“The firm continues to operate normally with some disruption arising from steps taken to contain the incident,” Allen & Overy said.
The firm provides legal services to many of Britain’s biggest financial institutions, including Barclays, Citi and Goldman Sachs.
It also advised money transfer business CAB Payments during its listing on the London Stock Exchange, the UK’s second-biggest flotation this year.
The data breach comes shortly after Allen & Overy approved a £2.7bn merger with New York-based firm Shearman & Sterling last month.
Lockbit has taken credit for the data breach and threatened “all available data will be published” unless demands are met, according to the group’s website on the dark web.
Allen & Overy did not comment when asked whether its files had been stolen.
Brett Callow, a threat analyst at cyber security company Emsisoft, said: “Attacks like this have the potential to be extremely bad. Law firms hold exceptionally sensitive information and its loss or exposure can have very negative consequences for clients.”
GCHQ’s National Cyber Security Centre earlier this year warned that hybrid working policies introduced after the pandemic have made law firms more vulnerable to cyber attackers.
DLA Piper and Gateley are among the law firms targeted by cyber attacks in recent years.
Adam Mawardi and Gareth Corfield contributed to this story.
