Thieves spent months inside the networks of the world’s largest sovereign wealth fund before stealing $10 million in what the enterprise is describing as “a serious case of fraud.”
The Norwegian Investment Fund, more commonly known as Norfund, announced Wednesday that scammers stole £8.2 million ($10 million) by spoofing an email address, then fabricating payment information and directing cash into their own account. In a statement, Norfund said the incident is still under investigation, though it acknowledged “that our existing systems and routines were not secure enough.”
Norfund is a Norway state-owned private equity firm which invests in developing countries throughout the world by supporting renewable energy infrastructure and scalable businesses, particularly in the manufacturing and agricultural sectors. This financial heist only is the latest to affect large international firms, following a $29 million scam affecting the publishing conglomerate Nikkei and the attempted theft of $951 million from Bangladesh’s central bank in 2016.
Norfund’s description of the attack seems to match a typical business email compromise, where thieves pose as an executive, co-worker, or other trusted associate to request a transfer of funds. Such attacks have enlisted for a generation, and hackers have shifted their tactics to often spend months lurking inside a system, gathering intelligence to inform their scheme.
Reported losses from BEC attacks totaled $1.7 billion in the U.S. last year, according to FBI figures.
“This is a grave incident,” Norfund chief executive Tellef Thorleifsson said in a statement. “The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable…We have taken immediate and serious action to correct this.”
Attackers falsified an information exchange between Norfund and a borrowing institution in Cambodia, only to divert the money into an account they controlled in Mexico. Hackers often control bank accounts in countries around the globe, often by renting them from other scammers who take a cut of the illicit funds diverted there. In an unrelated case, U.S. prosecutors have charged a Russian man with leasing accounts to a cybercriminal group that has haunted victims for years.
The incident occurred in March. Norfund says it has hired PwC to review its security systems, and is working with the Norwegian Ministry of Foreign Affairs to investigate.