In a shocking breach of national cybersecurity, Sri Lanka’s finance ministry fell victim to a sophisticated $2.5 million scam. The funds, earmarked for an Australian lender, vanished into cyberspace after hackers infiltrated government servers.
Details emerged showing how attackers exploited email vulnerabilities to breach the External Resources Department’s systems. They manipulated payment instructions, diverting the entire sum mid-transfer. The plot unraveled when treasury teams flagged anomalies in a parallel India-related transaction, averting further losses.
A high-level probe involving multiple agencies is now racing against time, collaborating with global allies to trace the money trail and identify culprits. Treasury chief Harshana Suriyapperuma highlighted the rapid detection, crediting it to proactive monitoring. An expert panel probes procedural gaps, with accountability measures targeting negligent parties.
Notifications have reached affected parties, including Australian authorities, who pledge continued support for Sri Lanka’s economic recovery. Analysts note no impact on debt commitments. This incident underscores the rising tide of BEC attacks—where fraudsters impersonate executives via compromised emails.
To fortify defenses, officials urge two-factor authentication, regular system audits, and employee training. Sri Lanka’s response sets a precedent for resilience amid escalating cyber threats worldwide.
