ICBC London Hit by Major Ransomware Attack from Hunters International

Incident Date: September 11, 2024

Overview

Title: ICBC London Hit by Major Ransomware Attack from Hunters International
Victim: ICBC London
Attacker: Hunters International
Location: London, United Kingdom
First Reported: September 11, 2024

Ransomware Attack on ICBC London by Hunters International

Hunters International, a notorious ransomware group, has claimed responsibility for a significant cyberattack on ICBC London, a branch of the Industrial and Commercial Bank of China (ICBC). The group alleges that it has exfiltrated 6.6 terabytes of data, comprising over 5.2 million files, and has set a ransom deadline of September 13. This breach could have severe repercussions for ICBC London, given its extensive global financial operations and the stringent data privacy regulations in the EU and UK.

About ICBC London

ICBC London, officially known as ICBC (London) Plc, is a branch of the Industrial and Commercial Bank of China, the largest commercial bank in China. Established in 2002, ICBC London operates under the regulatory oversight of the Prudential Regulation Authority and the Financial Conduct Authority in the UK. The bank provides a comprehensive suite of financial services, including personal banking, corporate banking, and e-banking services. It plays a crucial role in facilitating international trade and investment activities between China and the UK.

Attack Overview

Hunters International claims to have stolen 6.6 terabytes of data from ICBC London, encompassing over 5.2 million files. The group has set a ransom deadline, threatening to release the data publicly if their demands are not met. This breach could lead to severe legal and compliance issues for ICBC London, particularly given the stringent data privacy regulations in regions such as the EU and UK.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, shortly after the disruption of the Hive ransomware group. The group's ransomware code contains significant overlap with Hive ransomware, indicating a shared technical lineage. Hunters International focuses on exfiltrating target data and extorting victims with ransom demands. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, Hunters International is known for employing sophisticated tactics such as the SharpRhino RAT malware to infiltrate networks undetected. ICBC London's extensive digital infrastructure and its role in facilitating international financial transactions make it a lucrative target for ransomware groups. The bank's reliance on e-banking services and digital platforms could have provided multiple entry points for the attackers.
