Table of Contents
ToggleSri Lanka has been hit by a state-level cyber intrusion! Finance Ministry Secretary-General Harshana Suriyapperuma told the media on Thursday that hackers breached the Ministry's computer system in January, successfully stealing $2.5 million (approximately £1.8 million) in sovereign repayment funds.
The funds were originally intended to repay bilateral debts owed to Australia. The matter came to light when Australian creditors raised questions after failing to receive payment.
Email interception and account modification: Initial findings of the attack methods
Investigators currently believe this was a business email fraud (BEC) attack, infiltrating the Treasury’s email system and altering the receiving account information during the sovereign debt payment process, diverting $2.5 million that should have been transferred to Australia to another account.
Suriyapperuma said, "Sri Lanka made the payment on time, but cybercriminals intercepted it and transferred the funds to other bank accounts instead of the intended recipient." Deputy Finance Minister Anil Jayantha Fernando added that the full scale of the incident only came to light when the hackers attempted to replicate the process for another repayment to India.
How the hackers breached the multiple layers of defense within the Treasury Department system is still under investigation. Officials stated they are seeking assistance from several overseas law enforcement agencies.
Four civil servants have been suspended, and Australia has intervened to assist in the investigation.
Suriyapperuma stated that four senior officials from the Office of Public Debt Management have been suspended, and the investigation focuses on clarifying why control mechanisms at various levels have failed one after another, and whether there is still a possibility of recovering the stolen funds.
Matthew Duckworth, Australia's High Commissioner to Colombo, confirmed in a post on the X platform that Canberra was aware of the irregular payment, stating, "Sri Lankan authorities are investigating the matter and coordinating with Australian officials who are providing assistance."
New Shocks Following Sovereign Default: Sri Lanka's Vulnerable Moments
This invasion occurred during Sri Lanka's most vulnerable recovery period. Four years ago, Sri Lanka experienced a severe foreign exchange crisis, with depleted foreign exchange reserves leading to serious shortages of food, fuel, and medicine. Colombo subsequently defaulted on its $46 billion (approximately £34 billion) foreign debt, and massive protests ultimately led to the overthrow of then-President Gotabaya Rajapaksa in July 2022.
In the years that followed, Sri Lanka continued its debt restructuring and fiscal consolidation, and this $2.5 million repayment to Australia was part of that restructuring arrangement. The theft is not only a financial loss, but also a heavy blow to the Sri Lankan government, which is rebuilding its sovereign credit.
Related reports
