Sri Lanka Treasury Cyber Heist: $2.5 Million Misappropriated
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
In January 2026, Sri Lanka's Treasury lost $2.5 million due to a cyber incident involving the misdirection of funds intended for foreign debt repayment. Initial investigations suggest that the incident may not have been a traditional cyber hack but rather a Business Email Compromise (BEC) scheme, where fraudulent communications led to the diversion of funds. The Ministry of Finance confirmed that the breach involved its External Resources Department, and complaints have been lodged with law enforcement agencies. Investigations are ongoing, with no evidence of a system-level breach found so far, according to Deputy Minister Eranga Weeraratne. The incident has raised significant concerns about the cybersecurity posture of government institutions and the adequacy of their digital infrastructure. Additionally, documents related to a French loan repayment have gone missing, potentially linked to the same group of hackers. The Australian Federal Police are assisting in the investigation, and measures are being taken to enhance cybersecurity protocols across government systems.
Key Points: • Sri Lanka's Treasury lost $2.5 million due to a cyber incident involving misdirected funds. • Initial findings indicate a Business Email Compromise rather than a traditional hack. • Ongoing investigations have revealed missing documents related to a French loan repayment.