A series of sophisticated cyberattacks on two leading Sri Lankan corporates and a key government entity have exposed the nation’s weak cybersecurity defenses, according to a report by local cybersecurity firm Secualyze.
The attacks were attributed to SideWinder APT, a well-known nation-state threat actor, targeting prominent organizations such as Cargills and Coca-Cola. The operation used phishing websites and malicious payment gateways to steal sensitive user information, including credit card details.
In a separate incident, the Abans Group, a major local corporate, experienced a significant breach, reportedly compromising about 110,000 user records. Secualyze revealed that attackers exploited a critical vulnerability within Abans’ systems, exposing the organization and its users to further risks.
Additionally, the Meteorology Department of Sri Lanka suffered a server-level attack, identified as an advanced persistent threat (APT), potentially allowing ongoing unauthorized access through a backdoor.
Secualyze called these incidents a “wake-up call” for Sri Lanka to strengthen its cybersecurity measures. The firm emphasized the urgent need for the nation to invest in robust cybersecurity infrastructure, educate its citizens about online threats, and implement protective measures to mitigate future risks.
“The stakes have never been higher, and the consequences of inaction could be catastrophic,” warned Secualyze.
The report noted that Sri Lanka has become an increasing target for nation-state hackers in recent years, but its cybersecurity preparedness remains inadequate.
Secualyze, founded by cybersecurity expert Nathaneal Meththananda, specializes in advanced threat detection and response, aiming to tackle these growing challenges.