Uganda's central bank robbed, blames 'hackers'

(Image credit: Shutterstock) (Image credit: Shutterstock.com)

Local media reported hackers broke into Uganda bank's IT system and wired out $16.8 million
Subsequent investigation uncovers a fraud scheme, with the "hacking" being a cover-up story
Part of the money was recovered

An organized criminal group seems to have stolen millions of dollars from Uganda’s central bank, and then made up a story about the bank being hacked, to cover up their tracks.

A report from local media publication, The Monitor, notes how news recently broke of a Southeast Asian threat actor called Waste apparently broke into the bank’s IT infrastructure, and used the access to wire roughly $16.8 million (62 billion Ugandan shillings) out of the country.

The country’s finance minister, Henry Musasizi, even told the country’s parliament that the reports were true, after which global news wire agencies and media, such as Reuters, picked the story up.

Organized crime

"It is true our accounts were hacked into but not to the extent of what is being reported. When this happened, we instituted an audit and at the same time, an investigation," Musasizi apparently initally told Uganda's parliament.

"To avoid misrepresentation of facts, I wish to indulge the House that we be patient that when the audit is finalised, which is now at the tail-end, I come and report."

However, newer reports are saying that the investigation uncovered a larger scheme, possibly including insiders.

Apparently, a group created fake expenditures regarding waste management activities in Uganda, and sent the money out in two batches. One batch, some $7 million, was sent to a bank account in the UK. It was subsequently frozen and is now considered as recovered.

The other batch, $6 million, was sent to a bank in Japan, and has not been recovered because the fraudsters on the Japanese side “presented ‘solid and sufficient’ paperwork to prove that they undertook the said activities against which BoU effected payment of $6m.”

The masterminds of the scheme, according to a subsequent investigation conducted by a "renowned consultancy firm" are in the Ministry of Finance's Treasury department and Accountant General's office, "with possible involvement of Central Bank staff with top level clearance."

"The perpetrators then created a cover-up story of hacking of the Central Bank's IT infrastructure," the publication concludes.

Evolve Bank admits cyberattack saw millions of customers have data stolen
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.