London, UK – September 16, 2024 – The ransomware group Hunters International has claimed responsibility for a data breach at the London branch of the Industrial and Commercial Bank of China (ICBC), one of China’s largest state-owned banks. The group claims to have exfiltrated 6.6 terabytes of data, comprising over 5.2 million files, and has threatened to release the stolen data if their ransom demands are not met.
Hunters International Ransomware: A Rising Threat
Hunters International, a relatively new ransomware group that emerged after the disruption of the Hive ransomware group in late 2023, has quickly gained notoriety. This year alone, they claim to have breached over 134 entities globally, targeting various sectors, including financial services. The group is known for employing advanced tactics, including deploying sophisticated malware like the SharpRhino RAT, which allows them to infiltrate corporate networks undetected.
Potential Catastrophic Impact
The breach of ICBC, the world’s largest bank by assets, could have severe consequences due to the vast amount of sensitive financial data it holds. Ted Miracco, CEO of Approov, warns that such a breach could result in substantial fines and penalties, or even lawsuits from affected customers and businesses.
“If Hunters publish ICBC’s data, it will lead to severe legal and compliance breaches, especially in regions with stringent financial and data privacy regulations, such as the EU’s GDPR or the UK’s Data Protection Act,” Miracco states.
The Prevalence of RaaS
Miracco highlights the prevalence of ransomware-as-a-service (RaaS) models, which enable ransomware groups like Hunters International to operate with greater efficiency. “The involvement of RaaS models lowers the bar for cybercriminals, enabling them to outsource sophisticated ransomware attacks and focus on large, lucrative targets such as banks,” he explains.
Security Vulnerabilities and Geopolitical Dynamics
Miracco emphasizes the need to strengthen the security of mobile applications and APIs, which are often targeted as entry points for ransomware attacks. “Organizations have demonstrated their capability to compromise even large and presumably secure institutions like ICBC because API security vulnerabilities remain largely unaddressed,” he says.
Miracco also suggests a potential connection between Hunters International and Russia’s safe harbor policy for cybercriminals operating within its borders, noting that the group does not target Russian firms.
“This geopolitical dynamic is common with ransomware gangs, especially those with links to Russia, which often avoid targeting domestic organizations to stay under government protection. Ransomware attacks focused on extortion for financial gain are a hallmark of much Russia-based cybercrime,” Miracco explains.
The Need for Comprehensive Security
In response to this escalating threat, businesses are urged to adopt comprehensive security strategies, perform regular data backups, and train employees to recognize phishing attempts and other cyber risks. The global financial community is closely monitoring how ICBC manages this breach, as it could have far-reaching consequences for the industry.