Hackers pose as Australians to steal from Sri Lanka Treasury in a sophisticated cyber fraud incident that exposed vulnerabilities in government payment systems and triggered a multi-agency investigation.
Hackers pose as Australians to steal from Sri Lanka Treasury in cyber fraud case
Sri Lankan authorities have launched a comprehensive investigation after a cyberattack targeting the Treasury’s External Resources Department resulted in a financial loss and exposed critical weaknesses in government digital infrastructure. The incident, in which hackers impersonated representatives of an Australian export financing agency, has raised concerns about cybersecurity resilience within key state institutions.
Deputy Finance Minister Anil Jayantha confirmed that attackers gained unauthorized access to official communication channels by breaching internal computer systems. By intercepting email correspondence, the perpetrators were able to gather sensitive financial information and manipulate payment processes, ultimately diverting funds from the Treasury.
The fraud came to light following a second attempt by the same actors to redirect payments linked to an Indian financial agency. Unlike the initial breach, this attempt triggered suspicion among officials, prompting closer scrutiny of ongoing transactions. According to the Minister, this vigilance played a crucial role in preventing further financial losses and containing the impact of the attack.
Subsequent investigations involved a detailed review of payments made after Sri Lanka’s external debt restructuring process. This audit revealed that the initial fraudulent transaction, estimated to have taken place in January 2026, was linked to funds associated with an Australian credit line. Authorities believe that the attackers exploited weaknesses in verification protocols to successfully execute the transfer.
Hackers pose as Australians to steal from Sri Lanka Treasury has since become a focal point in discussions around strengthening cyber defence mechanisms in the public sector. The Finance Ministry has formally lodged complaints with multiple agencies, including the Criminal Investigation Department, the Computer Crime Investigation Unit, and the Financial Intelligence Unit of the Central Bank. In addition, the Sri Lanka Computer Emergency Readiness Team has been notified to provide technical support and coordinate response measures.
The scale and sophistication of the breach have drawn attention from policymakers and oversight bodies. Harsha de Silva, who heads the Committee on Public Finance (CoPF), stated that he has requested detailed information regarding the incident, including reports suggesting that approximately 2.5 million US dollars may have been compromised. His intervention underscores the need for transparency and accountability in managing public funds.
Cybersecurity experts note that such attacks often rely on social engineering tactics combined with technical infiltration. By impersonating trusted international partners, attackers increase the likelihood of bypassing standard verification procedures. In this case, posing as an Australian agency enabled the hackers to exploit established communication patterns and gain credibility within the system.
The incident also highlights broader systemic risks associated with increasing digitalization in public finance management. While electronic systems have improved efficiency and speed, they have also introduced new vulnerabilities that require constant monitoring and adaptation. Strengthening authentication processes, implementing multi-layer verification systems, and enhancing staff awareness are among the key measures recommended to mitigate similar risks in the future.
Hackers pose as Australians to steal from Sri Lanka Treasury has prompted calls for a comprehensive review of cybersecurity protocols across all government departments handling financial transactions. Experts emphasize that addressing such threats requires not only technological upgrades but also institutional reforms and continuous capacity building.
The Finance Ministry has assured that corrective actions are already underway. These include tightening internal controls, conducting system audits, and collaborating with international partners to trace the flow of stolen funds. Efforts are also being made to recover the diverted assets, although officials acknowledge that cross-border cybercrime investigations can be complex and time-consuming.
As Sri Lanka continues to navigate economic recovery and fiscal consolidation, safeguarding public finances has become increasingly critical. Incidents of this nature not only result in direct financial losses but also risk undermining confidence in government systems and international partnerships.
Moving forward, authorities are expected to prioritize cybersecurity investments and policy reforms to ensure that such breaches do not recur. The case serves as a stark reminder of the evolving threat landscape and the importance of maintaining robust digital safeguards in an increasingly interconnected financial environment.