Cyber Incident Victim: Commercial Bank of Ceylon
Date: May 2016
Location: Sri Lanka
Summary
A Turkish hacker group known as Bozkurtlar compromised the Commercial Bank of Ceylon, exfiltrating approximately 6.97 GB of sensitive data including PHP files, financial reports, and server backups. The breach was part of a broader campaign targeting multiple international financial institutions; analysts suggested the attackers used an SQL injection tool called Hajiv to access and leak customer transactions, credentials, and internal banking information. This incident followed similar attacks on other banks, with the group having previously released data from Qatar National Bank and UAE's InvestBank. The leaked materials exposed substantial operational details and underscored vulnerabilities in the affected banks' systems, though the institution did not publicly confirm the extent of the compromise.
Description
In May 2016, the Turkish hacker group Bozkurtlar (Grey Wolves) claimed responsibility for breaching six international banks, including the Commercial Bank of Ceylon. The group leaked approximately 6.97 GB of data from the Sri Lankan bank, comprising PHP files, financial reports, and server backups. This incident followed earlier breaches attributed to the same group, including attacks on Qatar National Bank and UAE-based InvestBank. The Commercial Bank of Ceylon breach occurred within a week of the group releasing data from five other institutions: Dutch Bangla Bank, The City Bank, Trust Bank, Business Universal Development Bank, and Sanima Bank. Leaked data from these prior breaches included customer transactions, credentials, and contact information. BankInfoSecurity analyzed the leaks, noting the scale of the Commercial Bank of Ceylon breach and suggesting potential use of Hajiv, an SQL injection tool, across all attacks.

The Grey Wolves’ activities formed part of a broader pattern targeting financial institutions. Their earlier breach of Qatar National Bank in April 2016, attributed to an SQL injection vulnerability, involved leaking 1.4 GB of data. InvestBank disputed the originality of its leaked data, claiming it was recycled from a prior incident. The Commercial Bank of Ceylon breach marked the second wave of leaks within a week, with no public statement from the bank confirming or denying the incident. The compromised server backups and financial reports indicated access to backend systems, though the exact intrusion method remained unconfirmed. BankInfoSecurity’s assessment highlighted the operational risks posed by such large-scale data exposures, particularly the inclusion of server backups, which could facilitate further exploitation. The incident underscored persistent vulnerabilities in banking infrastructure amid escalating cybercriminal targeting of financial sector data.
