NTMA Struggles to Recover €2.5M from Phishing Attack

Severity: Medium (Score: 51.9)

Sources: Rte.Ie

Summary

The National Treasury Management Agency (NTMA) has reported that it is unable to recover the remaining €2.5 million of the €5 million stolen during a phishing attack last summer. The attack involved a fraudulent payment request that appeared legitimate, leading to six individuals authorizing the payment. The NTMA's Chief Executive, Frank O'Connor, indicated that the agency is still pursuing recovery efforts, but the situation is becoming increasingly challenging. The attack was characterized by a breach of the investee's email systems, allowing threat actors to send valid instructions to the NTMA. An independent forensic investigation by Deloitte confirmed that the NTMA's IT systems were not compromised. Enhanced controls have been implemented to prevent future incidents. The agency manages significant public assets and liabilities, making it a target for cybercriminals. Key Points: • NTMA lost €5 million in a phishing attack, recovering only €2.5 million so far. • The attack involved a fraudulent payment request that bypassed internal checks. • Deloitte's investigation found no compromise of NTMA's IT systems, but recommended enhanced controls.

Key Entities

• Phishing (attack_type)
• Ireland Strategic Investment Fund (company)
• National Treasury Management Agency (company)
• Ireland (country)
• T1566 - Phishing (mitre_attack)