Cyber Attack Leads to Levitas Capital Collapse in 2020

Incident Details

In September 2020, Levitas Capital, a Sydney-based hedge fund, became the victim of a sophisticated cyber attack that commenced with a deceptive fake Zoom invitation. This breach allowed the attackers to infiltrate the company's email system and deploy malicious software, leading to the unauthorized approval of $8.7 million in fraudulent invoices. The attack exploited vulnerabilities in the fund's operational checks, as the trustee and administrator mistakenly processed the payments without proper verification. Notably, the hackers sent emails masquerading as legitimate requests from Levitas Capital, which led to the transfer of funds to accounts linked to the criminals. The incident not only resulted in significant financial loss for Levitas but also raised serious concerns about the oversight and security protocols within the Australian superannuation industry, particularly in the context of remote work during the pandemic.

Damage Assessment

  • The cyber attack resulted in the fraudulent approval of $8.7 million in invoices, leading to significant financial losses for Levitas Capital.
  • A total of $1.2 million was improperly transferred to Unique Star Trading, and an additional $2.5 million and $5 million were sent to companies in Hong Kong and Singapore, respectively, without proper verification.
  • The organization lost $781,000 through unauthorized withdrawals made by the cybercriminals, significantly impacting its financial stability.
  • Operational capabilities were severely hindered, resulting in the closure of Levitas Capital as its largest institutional client withdrew its funds following the incident.
  • The attack exposed vulnerabilities in the oversight of fund administrators and trustees, raising concerns about the integrity of the Australian superannuation industry.
  • Data integrity was compromised due to the hackers gaining control of Levitas' email system, enabling them to manipulate transactions.
  • Overall, the incident not only led to immediate financial losses but also damaged Levitas Capital's reputation and client trust, culminating in the collapse of the hedge fund.

How It Happened

The cyber attack on Levitas Capital occurred after either co-founder Michael Fagan or co-founder Michael Brookes clicked on a fake Zoom invitation, which deployed malicious software on the company's network. This breach allowed cyber criminals to gain control of Levitas' email system, enabling them to send fraudulent invoices that appeared legitimate. Critical failures in verification processes facilitated the attack: despite red flags (such as invoices addressing Levitas instead of its trustee, and the absence of prior relationships with the purported vendors), fund administrators and trustees failed to conduct adequate checks.

The administrator, Apex, attempted to verify a transaction but did not receive a timely response from Fagan, allowing the hackers to exploit this gap. They sent emails posing as Fagan to authorize transfers, which were processed without proper verification calls. The overall reliance on manual checks, weakened by a remote work environment during the pandemic, compromised the integrity of the oversight mechanisms. Consequently, multiple transfers totaling over $8 million were approved before the fraud was detected, underscoring systemic vulnerabilities in the fund management industry's security protocols.
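The verification gap described above can be expressed as a payment-release gate that fails closed. The following is an added example, not code from the article or from any party it names: the trustee name, vendor list, threshold and field names are assumptions, and the sample requests are constructed (the first reuses the payee and amount reported above).

```python
from dataclasses import dataclass

@dataclass
class PaymentRequest:
    payee: str
    amount: float
    invoice_addressed_to: str  # legal entity named on the invoice
    email_approval: bool       # approval received by email only
    callback: str              # "confirmed", "unanswered" or "not_attempted"

# Assumed policy values and placeholder names (not from the source page).
TRUSTEE = "TRUSTEE-PLACEHOLDER"
KNOWN_VENDORS = {"Existing Vendor Pty Ltd"}
CALLBACK_THRESHOLD = 10_000

def red_flags(req: PaymentRequest) -> list[str]:
    """Return the verification failures for one payment request."""
    flags = []
    if req.invoice_addressed_to != TRUSTEE:
        flags.append("invoice_not_addressed_to_trustee")
    if req.payee not in KNOWN_VENDORS:
        flags.append("no_prior_vendor_relationship")
    if req.amount >= CALLBACK_THRESHOLD and req.callback != "confirmed":
        flags.append("callback_" + req.callback)
    return flags

def decide(req: PaymentRequest) -> tuple[str, list[str]]:
    """Fail closed: an email approval never substitutes for a callback."""
    flags = red_flags(req)
    if any(f.startswith("callback_") for f in flags):
        return "HOLD", flags
    if flags or not req.email_approval:
        return "REVIEW", flags
    return "RELEASE", flags

# Constructed requests; payee and amount of the first follow the article.
SAMPLES = [
    PaymentRequest("Unique Star Trading", 1_200_000, "Levitas Capital", True, "unanswered"),
    PaymentRequest("Existing Vendor Pty Ltd", 50_000, TRUSTEE, True, "confirmed"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        print(r.payee, *decide(r))
```

The first request is held even though an email approval is present, because the callback went unanswered; that is the step at which the transfers in this incident were released.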

Response

Upon discovering the cyber attack, Michael Fagan, co-founder of Levitas Capital, initiated an immediate response by checking the company's bank account. He noticed that $1.2 million had been transferred out to a beneficiary, Unique Star Trading, which raised his suspicions. Realizing the severity of the situation, he made frantic phone calls to issue stop orders on further transactions.

The malware was identified when Fagan checked the account unexpectedly, leading to the discovery of unauthorized transfers. Cyber investigators later determined that the malware had been activated after either Fagan or co-founder Michael Brookes clicked on a fake Zoom invitation. This malicious software allowed cyber criminals to gain control over the company's email system, impersonating Fagan to authorize fraudulent invoices.

To mitigate additional damage, Fagan acted quickly to contact banks and halt further transactions. Fortunately, he managed to retrieve $5 million sent to Singapore and $2.5 million sent to Hong Kong before those funds could be fully cleared.

Key Takeaways

Vulnerability Awareness: The Levitas Capital incident highlighted the critical need for hedge funds to identify and address potential vulnerabilities within their digital infrastructure before they are exploited.

Data Protection: Protecting sensitive client and financial data should be a top priority to maintain trust and avoid catastrophic loss.

Incident Response Plans: Having a robust incident response plan in place is essential. Quick action can mitigate the effects of a cyber attack and protect assets.

Employee Training: Regular training for staff on recognizing phishing attempts and other cyber threats can significantly reduce the likelihood of successful attacks.

Investment in Cybersecurity: Allocating budget for advanced cybersecurity solutions is no longer optional. Firms must invest in comprehensive cybersecurity services to safeguard their operations.

Partnerships with Experts: Collaborating with specialized cybersecurity firms like HackersHub can provide hedge funds with the expertise needed to strengthen their defenses and proactively identify threats.

Continuous Monitoring: Implementing real-time monitoring and response systems can help detect unusual activities and respond swiftly to potential breaches.

These lessons underscore the importance of proactive cybersecurity measures to protect hedge funds from devastating cyber incidents.
