Cyber Heist Hits Sri Lanka: Hackers Divert $2.5M Meant for Debt Payment in Sophisticated Breach

Harshana Suriyapperuma, Sri Lanka's finance ministry secretary. PIC: Getty Images

Sri Lankan authorities have launched a high-level investigation after hackers infiltrated the country’s finance ministry systems and diverted $2.5 million intended for an international debt repayment, officials confirmed.

The stolen funds were part of a bilateral obligation owed to Australia, with the payment originally scheduled behind a September 2025 settlement deadline. However, the breach believed to have occurred in January, only came to light months later, raising concerns about vulnerabilities in government financial systems.

According to Harshana Suriyapperuma, cybercriminals intercepted the transaction and redirected the funds into unauthorized bank accounts. “Even though Sri Lanka had made the due payments, the cyber criminals had intervened and diverted it to other bank accounts, instead of the intended recipient,” he said during a media briefing.

Initial findings suggest the attackers manipulated email-based payment instructions within the sovereign debt repayment process, a method often associated with business email compromise (BEC) scams. Investigators believe this allowed the hackers to alter banking details without immediate detection.

The breach was only discovered after the Australian creditor reported that the expected payment had not been received. The delay in detection has prompted scrutiny over internal controls and oversight mechanisms within the ministry.

Further suspicion arose when cybercriminals allegedly attempted a similar tactic involving a separate payment to India. That attempt triggered red flags among officials, helping expose the broader scheme.

In response, four senior officials at the Public Debt Management Office have been suspended pending investigation. Authorities are also working with international law enforcement agencies to trace the stolen funds and identify those responsible.

Deputy Finance Minister Anil Jayantha Fernando said efforts are underway to determine how existing safeguards failed and whether any of the diverted money can be recovered. He added that the government is reviewing its cybersecurity protocols to prevent similar incidents in the future.

The incident underscores growing global concerns about cyber threats targeting government financial operations, particularly in countries managing complex debt obligations. As Sri Lanka continues its economic recovery, the breach highlights the critical need for stronger digital security in public finance systems.