How the world’s largest sovereign wealth fund lost $10m to hackers

Norfund is the Norwegian Investment Fund for developing countries. It is owned and operated by the Norwegian government, investing in and building sustainable businesses that would not otherwise be developed because of the high risks involved.

It is also the world’s largest sovereign wealth fund, created from saved North Sea Oil revenues and currently worth over a trillion dollars.

This makes Norfund a high-profile target for organised crime, and it led to the fund losing $10m to hackers.

Social engineering attack

In March 2020, Norfund fell victim to what is commonly known as Business Email Compromise, or CEO fraud. In the attack a hacker was able to manipulate the organisation into sending money to an account controlled by cyber criminals. The Norfund employee who sent the money believed it was going to the intended recipients, a Cambodian microfinance organisation. However, they had become victims of social engineering and the money was gone.

As a result of this, Norfund lost 100m Kroner. The money appeared to have been diverted from the organisation in Cambodia to Mexico. Local and international police have been brought in to investigate.

“This is a grave incident. The fraud clearly shows that we, as an international investor and development organisation, through active use of digital channels are vulnerable… The fact that this has happened shows that our systems and routines are not good enough. We have [to] take immediate and serious action to correct this.”
Tellef Thorleifsson, CEO Norfund

How could this happen?

Investment funds are notoriously secretive about any fraudulent activity that occurs within their organisation. Understandably so, as the damage that an attack can do to a fund’s reputation can be catastrophic – they are trusted with huge amounts of other people’s money after all.

Norfund has received praise for speaking publicly about the incident, and the firm itself released a statement saying ‘Norfund hopes that by being open about this incident we can contribute to reducing the risk of others being victims of similar fraudulent activities.’

Though few details about how this attack happened have been released, there are multiple possibilities. These types of attacks can occur through a single compromised email account, several pwned workstations under the control of hackers, or a fully compromised network.

The hackers and organised criminals responsible for these attacks often take their time and are highly skilled at creating a realistic chain of communication. They create false documents to back up their claims and eventually send fake payment details.
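The control that catches the final step of such a chain is a hold on any payment whose details do not match what is on file, released only after a phone call to a number recorded at onboarding (never one taken from the e-mail). The check below is an added illustration, not code from the article or from Norfund; every name, domain, account number and phone number in it is constructed, and it also flags a mismatched Reply-To header, which the article does not mention.

```python
from dataclasses import dataclass

# Hypothetical, constructed records: what a finance team holds on file
# for a partner (a stand-in for the Cambodian microfinance organisation).
@dataclass(frozen=True)
class VendorRecord:
    name: str
    email_domain: str   # domain the partner normally writes from
    account: str        # bank account on file, set up at onboarding
    phone_on_file: str  # number verified at onboarding, used for callbacks

@dataclass(frozen=True)
class PaymentRequest:
    vendor: str
    from_addr: str      # From: header of the e-mail carrying the request
    reply_to: str       # Reply-To: header, where replies actually go
    account: str        # account the e-mail asks the money to be sent to
    amount: float

def _domain(addr):
    return addr.rsplit("@", 1)[-1].strip().lower()

def review_payment(req, rec, callback_threshold):
    """Return ('release', []) or ('hold', reasons).
    A hold means nobody sends the money until someone phones the number
    on file (never a number taken from the e-mail) and confirms it."""
    reasons = []
    if _domain(req.from_addr) != rec.email_domain:
        reasons.append("sender domain differs from partner domain on file")
    if _domain(req.reply_to) != _domain(req.from_addr):
        reasons.append("Reply-To domain differs from From domain")
    if req.account != rec.account:
        reasons.append("bank account differs from account on file")
    if req.amount >= callback_threshold:
        reasons.append("amount at or above callback threshold")
    return ("release" if not reasons else "hold", reasons)

# Constructed sample data; every name, domain and number is invented.
PARTNER = VendorRecord("Example Microfinance", "example-mfi.kh.example",
                       "KH-ACCT-0001", "+855-00-000-000")
LEGIT = PaymentRequest("Example Microfinance",
                       "finance@example-mfi.kh.example",
                       "finance@example-mfi.kh.example", "KH-ACCT-0001", 50_000.0)
# A diversion attempt: lookalike domain, replies routed elsewhere,
# and a "new" account that would send the money somewhere else.
DIVERTED = PaymentRequest("Example Microfinance",
                          "finance@example-mfi-kh.example",
                          "finance@mail.example.net", "MX-ACCT-9999", 50_000.0)
```

The legitimate request releases cleanly, while the diverted one is held on three separate grounds, so a single forged document or lookalike domain is not enough to get the money out.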

The investigation continues

In addition to getting law enforcement involved, Norfund said it is working with the Norwegian Ministry of Foreign Affairs and its bank, DNB, to track down the thief and get the money back. PwC has also been called in to evaluate the IT security setup at the fund.

Security is a major concern for all businesses, and creating a secure IT environment should be at the top of any business agenda. To prevent social engineering attacks such as this one, staff training should be a top priority. TiG are able to conduct security assessments and training programmes for organisations – Contact us.
