Welcome to Whale Hunting, a weekly newsletter delving into the hidden worlds of wealth and power from the team at Project Brazen.
By Arnav Binaykia
It’s not often that China’s biggest bank finds itself victim of a cyberattack so ferocious that it has to abandon its corporate email in favour of Gmail. But over the course of one afternoon earlier this month, employees at the New York office of the Industrial and Commercial Bank of China (ICBC) found themselves locked out of their accounts and watching helplessly as the company’s data was ransacked, encrypted, and held hostage.
Within hours, a backlog of unprocessed U.S. Treasury trades led to the bank briefly racking up $9 billion in debt to Wall Street neighbour BNY Mellon. In an effort to settle trades, ICBC offered to manually put its payment information onto a USB stick and send it by messenger across Manhattan. (BNY, it seems, politely declined this option and managed to provide an alternative method.)
So who was behind the attack? None other than the same prolific hacker group that published 50 gigabytes of internal data stolen from Boeing back in January. Boeing decided against paying a ransom, but ICBC decided its data was too important to lose. LockBit, the group that took responsibility for the attack, confirmed to Bloomberg that ICBC had paid them an undisclosed amount to get its files unlocked.