Robin’s Newsletter #282

12 November 2023. Volume 6, Issue 46
LockBit behind attack on US arm of China's largest bank. Aonoymous Sudan DDOS disrupts ChatGPT. Sandworm's attack against Ukraine power grid.
Join hundreds of subscribers who get this first, every Sunday. Subscribe

This week

Ransomware attack against China’s biggest bank

  • The US arm of the Industrial and Commercial Bank of China suffered a ransomware attack this week, which disrupted trading on the US Treasuries market. The FT broke the news, and its sources say that ICBC Financial Services was forced to resort to sending trading data via USB stick to BNY Mellon to settle trades. ICBC also required a $9 billion capital injection from its Chinese parent company to cover unsettled trades.
  • Security researchers believe that the LockBit cybercrime gang may be behind the attack, while a Chinese foreign ministry spokesperson told The Guardian that “ICBC has been closely monitoring the matter and has done its best in emergency response and supervisory communication,” before adding that head office and other subsidiary operations remained unaffected.
  • It’s unusual to see successful attacks of this nature against financial services firms. IBCB employs over 400,000 people globally and had over $4 trillion in total assets in 2018. Having been disconnected from trading partners like BNY, they will likely need to provide significant assurances between reconnecting systems.

A busy month for LockBit operators

ChatGPT outages caused by DDOS attack

  • OpenAI has confirmed that outages of its flagship ChatGPT service were caused by a distributed denial-of-service (DDOS) attack. Users of the artificial intelligence chatbot received notices that the service was “at capacity” or could not log in to the service.
  • TechCrunch reports seeing Telegram messages in which Anonymous Sudan claimed responsibility for the disruption. While presenting as a hacktivist group from Africa, researchers believe Anonymous Sudan to be a front for Russian state-linked activity.
  • The disruption from a reflective DDOS attack — called so because the attacker spoofs requests for data, with other services ‘reflecting’ their responses to the victim’s IP address — lasted just over 24 hours. 

Sandworm behind Ukraine power outage in October 2022

Interesting stats

Double the number of facial recognition searches in the next year, police forces urged by UK Policing Minister.

Other newsy bits / in brief

And finally


  Robin's Newsletter - Volume 6

  “Industrial and Commcercial Bank of China (ICBC)" LockBit Allen & Overy Boeing OpenAI ChatGPT Distributed Denial of Service (DDOS) Sandworm Russia Ukraine Electricity Distribution Operational Technology (OT) Facial Recognition Law Enforcement Investigatory Powers Electronic Identification, Authentication and Trust Services (eIDAS) Certificates Legal privilege Incident Response (IR) Optus Veamm