
Sri Lanka Treasury Cyber Heist: $2.5 Million Misappropriated

Severity: Medium (Score: 51.9)

Sources: Sundaytimes.Lk, Themorning.Lk, Island.Lk

Summary

In January 2026, Sri Lanka's Treasury lost $2.5 million due to a cyber incident involving the misdirection of funds intended for foreign debt repayment. Initial investigations suggest that the incident may not have been a traditional cyber hack but rather a Business Email Compromise (BEC) scheme, where fraudulent communications led to the diversion of funds. The Ministry of Finance confirmed that the breach involved its External Resources Department, and complaints have been lodged with law enforcement agencies. Investigations are ongoing, with no evidence of a system-level breach found so far, according to Deputy Minister Eranga Weeraratne.

The incident has raised significant concerns about the cybersecurity posture of government institutions and the adequacy of their digital infrastructure. Additionally, documents related to a French loan repayment have gone missing, potentially linked to the same group of hackers. The Australian Federal Police are assisting in the investigation, and measures are being taken to enhance cybersecurity protocols across government systems.

Key Points:

  • Sri Lanka's Treasury lost $2.5 million due to a cyber incident involving misdirected funds.
  • Initial findings indicate a Business Email Compromise rather than a traditional hack.
  • Ongoing investigations have revealed missing documents related to a French loan repayment.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Australian Export Finance Agency (company)
  • Australian High Commission (company)
  • Australian High Commission In Colombo (company)
  • Central Bank (company)
  • External Resources Department (company)
  • Australia (country)
  • France (country)
  • India (country)
  • Iran (country)
  • Israel (country)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-287 - Improper Authentication (cwe)
  • hitad.lk (domain)
  • Financial (industry)
  • Government (industry)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1078 - Valid Accounts (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Lanka Government Cloud (platform)
  • Swift (platform)