A major financial cybercrime has shaken Sri Lanka, involving $2.5 million (approximately ₹23.75 crore) and raising serious concerns about digital security in government systems. The case is connected to the Ministry of Finance Sri Lanka, specifically its Department of External Resources, where investigators found manipulation in an international payment process.
Authorities clarified that the breach was not caused by a direct system hack. Instead, it was a phishing and impersonation-based fraud. Fake email IDs and spoofed domains were used to intercept official communication. Attackers altered payment instructions meant for an Australian creditor and redirected the funds to an unauthorized bank account. Early findings indicate the involvement of a coordinated cybercrime network.
The Criminal Investigation Department Sri Lanka has intensified its probe, treating the case as a cross-border cybercrime. So far, statements have been recorded from 7 officials linked to the Department of External Resources and the State Debt Management Office. Multiple computer systems, email records, and digital data have been seized and sent for forensic analysis.
Experts are examining email logs, IP addresses, server activity, and data traffic to trace how the fraud was carried out. The Sri Lanka Computer Emergency Readiness Team is assisting with technical support to reconstruct the full attack chain.
Following the incident, 4 senior officials from the finance ministry have been suspended. Investigators believe that along with external attackers, internal procedural gaps may have contributed. Initial findings suggest that multi-layer verification protocols in the payment system were not fully enforced.
A legal advocacy group has raised concerns about delays in submitting the investigation report to the court. It has also submitted 22 questions related to cybersecurity measures, email authentication, payment approvals, and alert systems, demanding greater transparency.
Cybersecurity experts warn that such attacks are part of larger global operations targeting financial systems through advanced phishing techniques. These scams often exploit weak monitoring systems, delayed updates, and gaps in verification processes.
Investigators are now working to identify the full network behind the fraud and determine whether international syndicates or local support were involved. Authorities have indicated that further developments, including possible arrests, may follow.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream LinkedIn | The Mainstream Facebook | The Mainstream Youtube | The Mainstream Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
