The Central Bank of Libya (CBL) has confirmed that it was the target of a cyberattack affecting a limited number of systems and technical services, underscoring the growing threat posed by ransomware operators to critical financial institutions worldwide.
According to an official statement released by the Central Bank on June 9, 2026, the incident impacted specific technical services within its environment. The institution indicated that the disruption was limited in scope and that technical teams had initiated investigations to determine the nature and extent of the attack.
On June 22, 2026, the Qilin ransomware group publicly claimed responsibility for the incident, listing the Central Bank of Libya among its alleged victims. While the threat actor has asserted that it successfully compromised the institution, no details regarding the volume, sensitivity, or type of data allegedly accessed have been publicly disclosed.
At the time of publication, the claims made by Qilin remain unverified by independent sources, and investigations are ongoing.
Qilin is a ransomware-as-a-service (RaaS) operation that has targeted organizations across government, healthcare, manufacturing, education, and financial sectors. The group is known for employing double-extortion tactics, whereby attackers exfiltrate sensitive information before encrypting systems and subsequently threaten to release stolen data if ransom demands are not met.
Cyberattacks targeting central banks and national financial institutions are particularly significant because of their role in maintaining financial stability, managing monetary policy, supporting payment infrastructure, and protecting sensitive financial information. A successful compromise can lead to operational disruption, reputational damage, regulatory concerns, and erosion of public trust.
The Central Bank of Libya has stated that investigations remain ongoing and that efforts are being undertaken to assess the full impact of the incident. Such response activities typically include forensic analysis, containment measures, system restoration, enhanced monitoring, and coordination with relevant cybersecurity and regulatory authorities.
With an ESIX© score of 5.56, the incident reflects a notable cyber event involving a strategically important financial institution. Although the scope of any potential data exposure remains unknown, the attack highlights the continued interest of ransomware groups in targeting organizations responsible for critical national infrastructure.
The incident serves as a reminder that financial institutions must maintain robust cybersecurity programs, including continuous monitoring, network segmentation, multi-factor authentication, regular backup procedures, employee awareness training, and well-rehearsed incident response plans.
As investigations continue, additional information may emerge regarding the nature of the attack, the techniques employed, and any potential impact on data confidentiality or service availability.