SECURITYWEEK NETWORK:

ICS:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Mining Company NioCorp Loses $500,000 in BEC Hack

NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised.
Phishing

US-based mining company NioCorp Developments informed the SEC on Wednesday that it recently lost a significant amount of money after its systems were hacked.

NioCorp, which is currently developing a critical minerals project in the United States, revealed that it discovered a cybersecurity incident on February 14. The incident involved a breach of its information systems, including a portion of its email systems. 

Based on NioCorp’s brief description, the attacker leveraged the compromised email system for what appears to be a business email compromise (BEC) scheme that resulted in “misdirected vendor payments” totaling roughly $500,000. 

Hackers likely used their access to the company’s emails to send legitimate-looking messages designed to convince the recipient to redirect payments to or from a vendor to a bank account controlled by the cybercriminals.

The company has notified financial institutions and law enforcement in an effort to recover the money. Its investigation into the incident is ongoing. 

“Although the Company believes that the cybersecurity incident is limited to the misdirected vendor payments, the Company’s investigation of the cybersecurity incident remains ongoing and the full scope, nature and impact of the cybersecurity incident are not yet known,” NioCorp told the SEC

Advertisement. Scroll to continue reading.

It added, “As of the date of this filing, the Company has not yet determined whether the cybersecurity incident is reasonably likely to materially impact the Company’s overall financial condition or its results of operations, including whether the Company will ultimately be able to recover all or a portion of the misdirected vendor payments.”

Every year the FBI releases a report on cybercrime losses, including losses caused by BEC scams. According to the agency, BEC attacks caused losses totaling $2.9 billion in 2023 and $55 billion between 2013 and 2023. 

Related: US Authorities Attempting to Recover $5.3 Million Stolen in BEC Scam

Related: Nigerian Arrested, Charged in $7.5 Million BEC Scheme Targeting US Charities

Related: Two Nigerians Sentenced to Prison in US for BEC Fraud

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

More from

Latest News

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Webinar: Why Email Security Keeps Failing (And What Has to Change)
July 8, 2026

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

Virtual Event: 2026 Cloud Security Summit
July 16, 2026

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

Mark Carter has been appointed Chief Information Security Officer at Socure.

Spektrum Labs has named Mark Cravotta Chief Operating Officer.

Philip Martin has joined Uber as Chief Information Security Officer.

More People On The Move

Expert Insights

No Exploits Required

Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures.

Popular Topics

Security Community

Stay Intouch

About SecurityWeek

News Tips

Got a confidential news tip? We want to hear from you.

Submit Tip

Advertising

Reach a large audience of enterprise cybersecurity professionals

Contact Us

Daily Briefing Newsletter

Subscribe to the SecurityWeek Daily Briefing and get the latest content delivered to your inbox.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.