Sri Lanka Ministry of Finance Loses $2.5 Million in Sovereign Debt Repayment to Cyber Attack
AI-generated from multiple sources. Verify before acting on this reporting.
COLOMBO — Cyber criminals successfully diverted $2.5 million in sovereign debt repayments from the Sri Lanka Ministry of Finance to fraudulent accounts in a Business Email Compromise attack, officials confirmed Friday.
The incident involved the Public Debt Management Office (PDMO) and the External Resources Department, two key units within the ministry responsible for managing the nation's external debt obligations. The funds were originally intended for an Australian creditor as part of scheduled debt servicing payments.
The attack occurred on April 25, 2026. Authorities stated that the criminals compromised official email communications to alter banking instructions, redirecting the transfer to accounts controlled by the attackers. The breach represents one of the largest financial losses attributed to cybercrime targeting Sri Lanka's government infrastructure.
The Ministry of Finance has launched an internal investigation to determine the full scope of the compromise. Officials have not disclosed whether the attackers gained access to other sensitive financial data or if additional transactions were affected. The ministry has notified international partners and financial institutions involved in the transaction.
Sri Lanka has faced significant economic challenges in recent years, including a sovereign debt crisis that led to a default in 2022. The loss of $2.5 million in repayment funds complicates ongoing efforts to stabilize the economy and restore confidence among international lenders. The country is currently negotiating with creditors under a restructuring program supported by the International Monetary Fund.
The Business Email Compromise technique used in this attack is a common method employed by criminal groups to intercept financial transactions. Attackers typically pose as legitimate employees or vendors to manipulate payment instructions. In this case, the criminals successfully impersonated authorized personnel within the ministry to execute the fraudulent transfer.
Law enforcement agencies in Sri Lanka are working with international counterparts to trace the stolen funds. The complexity of cross-border cybercrime investigations often delays recovery efforts. Authorities have not indicated whether any suspects have been identified or arrested.
The incident has raised concerns about cybersecurity protocols within Sri Lanka's government agencies. Experts have called for enhanced security measures to protect critical financial systems from similar attacks. The ministry has not announced specific steps being taken to prevent future breaches.
Questions remain about the total financial impact of the attack and whether other government departments were targeted. The ministry has not provided details on the specific vulnerabilities exploited by the criminals. Recovery of the diverted funds remains uncertain as investigators continue to track the money through international banking channels.