Cybernews
  • News
  • Editorial
  • Security
  • Privacy
    • What is a VPN?
    • What is malware?
    • How safe are password managers?
    • Are VPNs legal?
    • More resources
    • Strong password generator
    • Personal data leak checker
    • Antivirus software
    • Best VPN services
    • Password managers
    • Secure email providers
    • Best website builders
    • Best web hosting services
  • Follow
    • Twitter
    • Facebook
    • YouTube
    • Linkedin
    • Flipboard
    • Newsletter

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

Our readers help us create quality content. If you purchase via links on our site, we may receive affiliate commissions. Learn more

Home » News » Hackers strike world’s largest sovereign wealth fund

Hackers strike world’s largest sovereign wealth fund

by Chris Stokel-Walker
18 May 2020
in News
1
Data breach text
372
SHARES

The $10 million attack shows the risk of cybercrime

It’s better known as being the world’s largest wealth fund, managing an estimated $1 trillion of assets created off the back of Norway’s vast oil reserves earning plenty of money on the markets. But Norfund is also the latest victim of a major cyberattack that has made the fund’s reserves a little lighter.

The fund has admitted that it has suffered what it calls “an advance data breach,” which has lost it $10 million of its cash reserves, equivalent to 100 million Norwegian kroner.

“We are now cooperating closely with the police and other relevant authorities to get a full overview of the situation and to pursue and protect our interests,” the fund explains. “We have already introduced measures to strengthen our routines and halted all payments.”

What happened?

The fund themselves aren’t 100% sure how they managed to lose the vast amount of money. However, the phrasing of the blogpost detailing the fraud indicates that it may have been some sort of compromised email account.

“The defrauders manipulated and falsified information exchange between Norfund and the borrowing institution over time in a way that was realistic in structure, content and use of language,” the fund explains. In addition to emails, documents and payment details were also falsified.

The result was that a loan worth $10 million, which was meant to be destined for a microfinance company in Cambodia, ended up in a Mexican bank account. The incident took place on 16 March, and was reported publicly two months later. Police and investigators have been informed, and are trying to ascertain where the money went.

Lessons to be learned

“This is a grave incident,” says Norfund CEO Tellef Thorleifsson. “The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable. The fact that this has happened shows that our systems and routines are not good enough.” 

Thorleifsson said the fund was taking action to correct the vulnerabilities that had been taken advantage of, and was treating it as an immediate and serious priority. 

The reason the fund went public about being defrauded out of the money was to try and raise awareness of the issue, and to drum up interest in the investigation in the hope of bringing out any leads. “Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities,” the company explained.

An increasingly large problem

Fraud of this type – with potentially massive bounties for the cybercriminals who conduct it – is becoming an increasingly large problem. It’s not just in Norway that this kind of routing or spoofing incidents take place, but Norfund is working with authorities there to try and ascertain what happened. 

The fund didn’t announce the issue publicly before now because of advice from police that it would hinder their initial lines of inquiry throughout the investigation, but decided to be open about it in order to warn others.

That’s been welcomed by authorities. Terje A. Fjeldvær, head of fraud prevention at DNB, Norway’s biggest bank, which runs the account from where the money was taken, has said that “Fraud cases of this kind are performed by very sophisticated criminals. With access to e-mail communication between two parties, they can familiarize themselves with how the parties correspond. The payments they initiate therefore deviate very little from ordinary payments performed by the victimized company and become very hard to detect and prevent.”

Share372TweetShareShare
Comments 1
  1. Andreas F says:
    3 months ago

    dear sir

    Funds (1) and (2) are not identical. Norfund is *not* the Oil fund.

    (1) https://en.wikipedia.org/wiki/Norfund
    (2) https://en.wikipedia.org/wiki/Government_Pension_Fund_of_Norway

    Thank you.

    Reply
Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

I agree to the Terms & Conditions and Privacy Policy.

Editor's choice

500M LinkedIn user records sold on hacker forum
News

Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof

by CyberNews Team
6 April 2021
5

We updated our leak checker database with more than 780,000 email addresses associated with this leak...

Read more
LinkedIn, FB, Twitter, Clubhouse apps seen on an iPhone

Recent Facebook, LinkedIn and Clubhouse leaks explained

15 April 2021
Cheapest tool to kill satellites? A computer

Cheapest tool to kill satellites? A computer

13 April 2021
A gift to criminals and tyrants? Soon, wireless devices could become object sensors

A gift to criminals and tyrants? Soon, wireless devices could become object sensors

13 April 2021
“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

“Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

12 April 2021
  • Categories
    • News
    • Editorial
    • Security
    • Privacy
  • Reviews
    • Antivirus Software
    • Password Managers
    • Best VPN Services
    • Secure Email Providers
    • Website Builders
    • Best Web Hosting Services
  • Tools
    • Password Generator
    • Personal Data Leak Checker
  • Engage
    • About Us
    • Send Us a Tip
    • Careers
  • Twitter
  • Facebook
  • YouTube
  • Linkedin
  • Flipboard
  • Newsletter
  • About Us
  • Contact
  • Send Us a Tip
  • Privacy Policy
  • Terms & Conditions
  • Vulnerability Disclosure

© 2021 CyberNews - Latest tech news, product reviews, and analyses.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.
Subscribe For Security Tips And CyberNews Updates
Email address is required. Provided email address is not valid. You have been successfully subscribed to our newsletter!
Our Privacy Policy and Terms & Conditions

Home

News

Editorial

Security

Privacy

Resources

  • About Us
  • Contact
  • Careers
  • Send Us a Tip

© 2020 CyberNews – Latest tech news, product reviews, and analyses.