The breach came to light on September 23, when Hayle Barise Energy Solutions alerted ISA after failing to receive the expected payment. An internal investigation revealed that cybercriminals had infiltrated ISA’s email system, exploiting it to alter payment details and redirect the funds to a fraudulent account in Dubai. The extent of the breach was detailed in a letter from Ajay Mathur, ISA’s Director General, to India’s Union Minister for New and Renewable Energy, Pralhad Joshi.
“The cyber attacker changed the details of the banks of our international vendors and sent invoices for payments (which had to be made to our vendors) to be paid to the fraudulent bank accounts,” Mathur explained in the letter. He described how the attackers manipulated ISA’s payment process, replacing original emails with fraudulent ones that directed payments to the wrong accounts. As a result, $357,783 (approximately Rs 3 crore) was unwittingly transferred. Mathur noted that this incident could trigger disputes with vendors and banks, complicating efforts to recover the lost funds.
In response, ISA has lodged a police complaint, issued show-cause notices to implicated staff, and swiftly implemented enhanced cybersecurity measures. However, this attack is not an isolated incident. Just weeks earlier, a similar breach compromised the bank account of RENAC AG, a German renewable energy vendor, hinting at a pattern of security failures within ISA.
These repeated breaches point to broader concerns about the organization’s ability to protect international partnerships and funds, particularly at a time when ISA is tasked with mobilizing $1 trillion in solar investments by 2030. Business Email Compromise (BEC) fraud, a sophisticated form of cybercrime, appears to be at the heart of these attacks. BEC fraud involves attackers impersonating legitimate businesses or executives, tricking employees into transferring funds to fraudulent accounts. By leveraging phishing tactics and exploiting weak authentication processes, cybercriminals can make unauthorized changes to payment details, often without detection.
Industry experts emphasize that organizations like ISA must adopt stringent cybersecurity measures to combat such threats. These include implementing rigorous verification protocols to confirm changes in payment instructions, training employees to recognize phishing attempts, and deploying advanced security tools to monitor suspicious activity.
For Somalia, where access to reliable electricity is still limited, the implications of this cyberattack could be devastating. Hayle Barise Energy Solutions plays a crucial role in expanding solar infrastructure, a key component of the country’s efforts to increase energy access. The company, part of the larger Hayle Barise Group, works in partnership with the Somali government and international donors to provide off-grid solar solutions to rural areas. The potential loss of these funds threatens to derail ongoing projects that are vital to improving the country’s energy security.
Founded in 2015 by the Barise family, the Hayle Barise Vocational Training Center offers specialized training in renewable energy, among other trades, aiming to build local capacity in sectors critical to Somalia’s development. The cyberattack now puts that mission at risk, as the company grapples with the financial setback.
ISA, launched by Indian Prime Minister Narendra Modi in 2015, has positioned itself as a key player in the global push for renewable energy. With 101 member countries, including 48 African nations, the alliance seeks to deliver 1,000 GW of solar power worldwide by 2030. Originally focused on tropical countries, ISA has expanded its mandate to include all UN member states, broadening its global influence.
The breach highlights the growing intersection between cybersecurity and global development initiatives, particularly in sectors like renewable energy, where the stakes are high. As organizations like ISA continue to drive ambitious international efforts, their ability to safeguard financial and informational assets will remain under intense scrutiny. The challenge now is to not only recover the stolen funds but also restore confidence in the systems designed to protect these critical resources.





