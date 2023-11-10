Unlock Editor’s Digest for free

Wall Street traders and brokers are struggling to contain the damage from a ransomware attack on China’s biggest bank that has disrupted trading in the $25 trillion market for U.S. Treasuries.

The attack on the New York unit of the Industrial and Commercial Bank of China, first disclosed by the Financial Times on Thursday, exposed vulnerabilities in the world’s largest and most liquid treasury market, which underpins asset prices around the world. Does.

With its systems compromised, ICBC Financial Services was forced to send a USB stick with trading data to BNY Mellon to help settle trades, according to people familiar with the situation.

According to traders and banks, the attack prevented ICBC from settling Treasury trades on behalf of other market participants. Hedge funds and asset managers diverted trading due to the disruption and the attack had some impact on Treasury market liquidity, according to trading sources.

Some traders suggested the hack at ICBC may also have contributed to a sharp selloff in long-term Treasuries following Thursday’s $24 billion auction of 30-year bonds.

Because of the ICBC hack, BNY on Thursday requested multiple extensions of the operating hours of Fedwire, the real-time payments platform run by the U.S. Federal Reserve, to allow more time to settle Treasury trades, according to people familiar with the matter.

BNY declined to comment. ICBC did not respond to a request for comment. ICBC previously confirmed that it had “experienced a ransomware attack that has resulted in some disruption [financial services] System”

BNY, the world’s largest custodian bank, has disconnected ICBC from its platform and plans to reconnect it until a third party certifies that it is safe to do so, according to people with knowledge of the matter. Don’t plan.

“No IT team would trust anything from ICBC US without rigorously scanning or vetting it,” said one cyber expert involved in the industry response.

Another person involved said: “It will be slow and painful until BNY gets involved again.”

The Securities and Exchange Commission said on Friday it “continues to conduct surveillance focused on maintaining fair and orderly markets”. The Securities Industry and Financial Markets Association, which represents banks and asset managers, held a call with members to discuss their reaction to the incident.

At a briefing on Friday, the Chinese Foreign Ministry said ICBC had done a good job in dealing with the attack on its US financial services arm.

Ministry spokesman Wang Wenbin said, “The ICBC is closely monitoring this case and has done its best in emergency response and supervisory communication.”

ICBC is the only Chinese broker with a securities clearing license in the US. It created the business in 2010 after buying the Prime Dealer Services unit of Fortis Securities.

“ICBC is a big Chinese bank and the flows it handles matter,” said Charlie McElligott, cross-asset strategist at Nomura. “Anything that blocked the ability to participate in auctions, it’s fair to say, would have followed yield increases.”

After news of the ransomware attack broke, ICBC’s Beijing headquarters employees held urgent meetings with its US unit, according to an employee who attended these meetings.

Ransomware attacks have increased since the coronavirus pandemic, in part as remote work has made businesses more vulnerable and cybercriminal groups have become more organized.

“With the increasing severity, sophistication and frequency of cyber attacks, which often involve human error, there is an urgent need for companies to rethink their approach to ransomware defense,” said Oz Alashe, founder of British cybersecurity and data analytics firm Cybsafe. Is.”

Reporting by Joshua Franklin and Kate Duguid in New York, Costas Morcellas and George Steer in London, Colby Smith in Washington and Cheng Leng in Hong Kong

