Site navigation

Cyber-Attack Hits Sovereign Wealth Fund Norfund for $10M

David Paul

,

Norfund

The Norwegian company was fooled into transferring a loan intended for a Cambodian microfinance organisation into an account controlled by hackers.

Norfund, a North Sea wealth fund based in Norway, has lost more than $10 million (£8.2 million) in funds after what the company described as an “advance data breach” of its systems.

The hackers supposedly falsified information exchanges, tricking the company into transferring funds intended to be sent to a finance company based in Cambodia into a separate account owned by the hackers.

Norfund CEO, Tellef Thorleifsson, commented: “This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable.

“The fact that this has happened shows that our systems and routines are not good enough. We have taken immediate and serious action to correct this”

The fraud took place on March 16th but was discovered on April 30th when the hackers made another attempt to hack Norfund’s systems.

Chair of the Board of Directors, Olaug Svara, also commented: “This is a very unfortunate situation. We now must get a full overview of the chain of events to get to the bottom of this.

“Based on the findings, we will introduce further measures and strengthen routines to prevent this from happening again”

Recommended

The company says it is dedicating “considerable resources” to review internal routines and control measures, collaborating closely with the police, Financial Services company DNB and other relevant authorities as well as establishing a crisis management team.

Terje A. Fjeldvær, head of fraud prevention at DNB, said: “Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarise themselves with how the parties correspond.

“The payments they initiate therefore deviate very little from ordinary payments performed by the victimised company and become very hard to detect and prevent.”

David Paul

Staff Writer, DIGIT

Latest News

%d bloggers like this: