Ugandan central bank robbed, blames ‘hackers’
- Local media reported that hackers broke into the Ugandan bank’s IT system and transferred $16.8 million
- Subsequent investigation reveals a fraud scheme, with the “hacking” being a cover-up
- Some of the money was recovered
An organized crime group appears to have stolen millions of dollars from Uganda’s central bank and then concocted a story about hacking the bank to cover their tracks.
A report from a local media publication, The monitornotes how news recently emerged of a Southeast Asian threat actor called Waste, which apparently broke into the bank’s IT infrastructure and used the access to steal approximately US$16.8 million (62 billion Ugandan shillings) from the country to send out.
The country’s finance minister, Henry Musasizi, even told the country’s parliament that the reports were true, prompting global news agencies and media outlets such as Reuterspicked up the story.
Organized crime
“It is true that our accounts have been hacked, but not to the extent reported. When this happened, we conducted an audit and an investigation at the same time,” Musasizi apparently initially told the Ugandan parliament.
“To avoid misrepresentation of the facts, I would like to ask the House to be patient and when the audit is completed, which is now in its final stages, I will report back.”
However, newer reports say the investigation uncovered a larger scheme that may have involved insiders.
Apparently, a group made false expenses related to waste management activities in Uganda and sent the money in two batches. One batch, about $7 million, was sent to a bank account in Britain. It was subsequently frozen and is now considered recovered.
The other batch, $6 million, was sent to a bank in Japan, and has not been recovered because the fraudsters on the Japanese side presented “solid and sufficient” paperwork to prove that they had undertaken the mentioned activities against which BoU made the $6 payment. M.”
According to a subsequent investigation conducted by a ‘reputable consultancy firm’, the masterminds of the scheme are located in the Finance Department of the Ministry of Finance and the Office of the Accountant General, ‘with possible involvement of Central Bank employees with approval at the highest level’.
“The perpetrators then created a cover-up story about hacking the Central Bank’s IT infrastructure,” the publication concludes.