The hackers who infiltrated the New York arm of the Industrial and Commercial Bank of China and disrupted trading in the U.S. Treasury market appeared to exploit three vulnerabilities that had been flagged by U.S. officials earlier this year.

In an email sent to financial-services executives and trade groups Monday that was viewed by The Wall Street Journal, Treasury officials said that the ICBC attack stemmed from Lockbit 3.0 ransomware and two tactics that target users of services managed by Citrix, a cloud-computing company.