Serviceteam IT Security News
Norway’s state-owned investment fund Norfund has halted all payments after losing $10m in an “advanced data breach.”

Norfund is a private equity company established by the Norwegian Storting in 1997 and owned by the Norwegian Ministry of Foreign Affairs. The fund receives its investment capital from the state budget and is the largest sovereign wealth fund in the world.

On May 13, Norfund announced that it was “cooperating closely with the police and other relevant authorities” after “a series of events” allowed fraudsters to make off with $10m.

The fund said that a data breach allowed defrauders to access information concerning a loan of US$10m from Norfund to a microfinance institution in Cambodia.

Using a mixture of manipulated data and falsified information, the fraudsters managed to impersonate the borrowing institution and divert funds away from the genuine recipient and into their own pockets.

“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language. Documents and payment details were falsified,” said a Norfund spokesperson.

Funds were diverted to an account in Mexico under the same name as the Cambodian microfinance institution. The theft took place on March 16 but went undetected until April 30, when the scammers attempted to fraudulently obtain more money.

“This is a very unfortunate situation,” said Olaug Svara, chair of the board of directors. “We now have to get a full overview of the chain of events in order to get to the bottom of this.”

Norfund’s board has engaged PwC to undertake a full review of the company’s security systems and routines.

Norfund CEO Tellef Thorleifsson said: “The fact that this has happened shows that our systems and routines are not good enough. We have taken immediate and serious action to correct this.”

Commenting on how the fraud might have been committed, Chris Hazelton, director of security solutions at Lookout, said: “There is no specific information on how this attack took place; nevertheless, how the threat actors were able to ‘manipulate the communication between Norfund and the intended recipient’ points to either BEC or phishing as a likely entry point for attackers.”

Source: Infosecurity Magazine
