Ransomware
ICBC US Broker-Dealer LockBit Ransomware Attack (US Treasury Market Disruption)
Incident Details
The US broker-dealer subsidiary of the Industrial and Commercial Bank of China (ICBC Financial Services) suffered a LockBit ransomware attack on November 8, 2023. The attack disrupted ICBC’s ability to process and settle US Treasury trades, causing ripple effects across US Treasury and equity markets. The attack exploited the CitrixBleed vulnerability (CVE-2023-4966) in Citrix NetScaler. ICBC FS used USB drives to manually carry settlement data to the Depository Trust & Clearing Corporation (DTCC). Market participants were forced to re-route ICBC trades through alternative brokers. The attack was one of the most significant cyber incidents ever to impact US financial market infrastructure. ICBC FS paid a ransom to LockBit. Note: a separate Hunters International attack hit ICBC’s London subsidiary in September 2024.
Technical Details
- Initial Attack Vector: CitrixBleed vulnerability (CVE-2023-4966) exploitation on Citrix NetScaler appliance
- Vendor / Product: Citrix NetScaler (CitrixBleed)
- Malware Family: LockBit ransomware
- CVE / GHSA References: CVE-2023-4966
Timeline
- 2023-11-08 Breach occurred
- 2023-11-09 Publicly disclosed