Colombo, April 24 Sri Lanka has initiated a multi-agency investigation into a massive cyber fraud that led to the diversion of a government payment of 2.5 million US dollars, the country's Ministry of Finance has said.
The ministry revealed that cyber criminals gained unauthorised access to the External Resources Department's computer system through email, and redirected a payment of 2.5 million US dollars originally intended for an Australian creditor.
Relevant authorities are also working alongside international counterparts to trace the funds and identify those responsible, it said.
The incident came to light when Treasury officials detected unusual changes to account details during a separate payment process linked to India, prompting immediate scrutiny and preventing a further attempted transaction.
Treasury Secretary Harshana Suriyapperuma said swift action allowed authorities to identify the fraud without disrupting ongoing investigations. An internal committee comprising senior officials, including two deputy treasury secretaries, has been appointed to recommend further measures, while disciplinary action has been initiated against those responsible for procedural lapses.
Officials said Sri Lanka has informed the Australian government, creditor institutions, and stakeholders involved in the country's debt restructuring process. Debt experts have indicated that the incident does not affect the country's commitment to meeting its sovereign obligations, Xinhua news agency reported.
The Australian High Commission said it is coordinating closely with Sri Lankan authorities and continues to support the country's efforts toward debt sustainability.
Cyber fraud is a blanket term to describe crimes committed by cyberattackers via the internet. These crimes are committed with the intent to illegally acquire and leverage an individual's or business’s sensitive information for monetary gain.
Common types include phishing, Business Email Compromise (BEC), ransomware, and online shopping scams. Key protections include using strong, unique passwords and enabling multifactor authentication.
Disclaimer: This post has been auto-published from an agency feed without any modifications to the text and has not been reviewed by an editor