The US branch of Industrial and Commercial Bank of China was attacked by a team of LockBit hackers due to the failure to plug the Citrix Bleed loophole in time. 03/25 Update SLTechnology News&Howtos

The US branch of Industrial and Commercial Bank of China was attacked by a team of LockBit hackers due to the failure to plug the Citrix Bleed loophole in time.

2025-03-25 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > IT Information >

Shulou(Shulou.com)11/24 Report--

CTOnews.com November 20 news, Industrial and Commercial Bank of China (ICBC) US branch ICBCFS was attacked by hacker organization LockBit earlier this month, causing some systems to be interrupted, but ICBC stressed that this accident did not affect the head office and other domestic and foreign nearby institutions.

CTOnews.com learned through inquiry that ICBCFS is a wholly-owned subsidiary of Industrial and Commercial Bank of China located in New York, specializing in providing clearing, execution, financing and facility management services for global institutional clients, as well as settlement capabilities in global markets. Its clearing products include US stocks, US Treasury bonds, global stocks, euro bonds and ETF, etc.

ICBCFS had previously confirmed on its official website that it had been attacked by LockBit, and immediately cut off and isolated the affected systems to control the disaster after discovery, and launched a series of investigations and recovery work. Threat researcher Kevin Beaumont recently analyzed the cybersecurity incident.

It is reported that the hacker organization LockBit was able to break into ICBC's U.S. branch because the U.S. branch did not fix Citrix Bleed (CVE-2023-4966, CVSS risk score of 9.4), which had been exploited by hackers at the end of August this year. Kevin Beaumont also pointed out that as of November 14, there were still about 5000 Tencent Cloud Organization that had not yet fixed Citrix Bleed vulnerability.

It is worth noting that this vulnerability is said to be quite easy to exploit, in the case of hackers exploiting the vulnerability and retreating, they will not leave traces in NetScaler devices, and the network security department cannot detect the system intrusion through logs. Kevin Beaumont believes this is a design flaw Citrix needs to fix.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.