In a shocking cyber heist, offshore hackers have stolen 62 billion Ugandan shillings ($16.8 million) from the Bank of Uganda, the country's central bank. The hacking group, known as "Waste," breached the bank's IT systems earlier this month, illegally transferring the funds, with a portion sent to Japan.
According to a report by the state-owned New Vision newspaper, the hackers, believed to be based in Southeast Asia, managed to infiltrate the bank's systems, exploiting weaknesses in its cybersecurity defenses. The incident has raised concerns about the vulnerability of Africa's financial institutions to cyber threats.
The Bank of Uganda has reportedly recovered more than half of the stolen funds, but the incident has sparked an investigation ordered by President Yoweri Museveni. The Daily Monitor, Uganda's leading independent newspaper, has suggested that the theft may have involved collusion by insiders within the central bank, adding a layer of complexity to the investigation.
Cyber thefts targeting banks and financial service providers are common in Uganda, with many institutions reluctant to disclose such incidents publicly, fearing reputational damage and customer alienation. However, the frequency and severity of these attacks are on the rise, with annual estimates placing the cost of cybercrime in Africa between $4 billion and $10 billion.
In October, the Communications Authority of Kenya reported that the country lost approximately Sh10.71 billion ($83 million) to cybercrime in 2023, making Kenya the second most affected country in Africa, following Nigeria. Other countries significantly impacted include Uganda, Botswana, and Lesotho.
In Kenya, businesses and agencies targeted by cyberattacks spent an average of Sh561 million ($4.35 million) to restore their services, highlighting the financial toll of such breaches on the economy. The incident at the Bank of Uganda serves as a stark reminder of the need for African countries to strengthen their cybersecurity defenses and regulatory frameworks to protect their financial institutions and economies from the growing threat of cybercrime.
The rise of cyberattacks in Africa is attributed to the rapid digitization of the continent, which has created new vulnerabilities in the cybersecurity systems of many countries. As Africa continues to adopt digital technologies, it is essential for governments, financial institutions, and businesses to prioritize cybersecurity and invest in robust defenses to protect against the escalating threat of cybercrime.
The incident at the Bank of Uganda is a wake-up call for African countries to take decisive action to strengthen their cybersecurity capabilities, improve regulatory frameworks, and enhance international cooperation to combat the growing menace of cybercrime.