A source at the Central Bank of Libya (CBL) informed Libya Herald that the cyber incident announced on 9 June has been ‘‘fully contained’’. The source explained that ‘‘comprehensive technical investigations were conducted and yielded significant results, while recovery and system restoration work continues according to the approved plan’’.
The Qilin Group?
The CBL has not revealed the source of the security breach and has refrained from commenting on social media reports that the breach was conducted by the Qilin group.
The Qilin Group is a Russian-speaking cybercriminal organization which claimed responsibility for hacking into the CBL’s data and systems. It targeted it with a cyberattack using the Qilin ransomware, which reportedly affected several technical systems and services. This software encrypts the data of the targeted entities, before the hackers demand payment of a financial ransom in exchange for decryption or not leaking the data.
CBL raising level of its cybersecurity
The CBL source added that technical teams are continuing their work to ensure full readiness and enhance system security, as part of precautionary measures aimed at raising the level of cybersecurity within the bank.
No confirmed indications of a breach detected
The source confirmed that, based on the extensive assessments completed so far, no confirmed indications of a breach affecting accounts, balances, or financial assets related to the bank's operations or those of related banking entities have been detected. The source emphasized that the security of data and banking operations remains a top priority.
CBL continues to implement stringent security measures
The source indicated that the CBL continues to implement stringent security measures as part of the recovery process, ensuring the continuity, stability, and reliability of banking services, and maintaining the confidence of the financial sector and its customers.
The source also noted that the bank appreciates the cooperation of the security authorities, companies, and technical institutions that contributed to dealing with the incident, stressing the continuation of monitoring and follow-up work in accordance with the approved technical and institutional controls in the field of cybersecurity and risk management, with readiness to provide any future updates through official channels when needed.