Treasury Loses $2.5 Million in Business Email Compromise Attack
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
A report from the Treasury revealed that cybercriminals executed a Business Email Compromise (BEC) scheme, diverting $2.5 million in debt payments to an unauthorized account. The attack exploited administrative lapses and compromised internal controls within the Treasury's External Resources Department. The funds were meant for a bilateral loan repayment to Australia but were transferred in multiple transactions between November 18, 2025, and mid-January 2026. The Central Bank of Sri Lanka (CBSL) and the Finance Ministry are currently in a dispute over accountability for the incident. The Criminal Investigation Department is collaborating with Interpol and other organizations for recovery efforts. Emergency measures have been implemented to prevent future phishing incidents, including mandatory telephone callbacks for transaction confirmations.
Key Points: • Cybercriminals executed a BEC attack, diverting $2.5 million from the Treasury. • The attack exploited internal control weaknesses during a transitional period in debt management. • The CBSL and Finance Ministry are in conflict over responsibility for the missing funds.