Australian rare-earth metals producer Northern Minerals on Tuesday announced that it fell victim to a data breach after a ransomware group published information allegedly stolen from the mining company.
“Northern Minerals Limited advises that it has been the subject of a cyber security breach and was today advised by its cyber security consultant that some of the exfiltrated data has now been released on the dark web,” the company said in a statement (PDF).
The announcement was made shortly after the BianLian ransomware gang published on its Tor-based leak site multiple archives allegedly containing operational, human resources, management, project, and email data stolen from Northern Minerals.
According to the cybergang, the exfiltrated data includes project and mining research data, R&D and financial data, shareholder and investor information, the personal information of employees, and corporate email archives.
“The exfiltrated data included corporate, operational, and financial information and some details relating to current and former personnel and some shareholder information. The process of notifying relevant impacted individuals is underway and ongoing,” Northern Minerals confirmed in its statement.
The mining company revealed that the data breach was discovered in March 2024, when it notified the appropriate authorities and engaged legal, technical, and cybersecurity specialists.
“The breach has not had a material impact on the Company’s operations or broader systems. Since the breach, the Company has reviewed its processes and implemented actions to further strengthen its systems,” Northern Minerals said.
What the mining company did not say was whether it engaged in communication with the hackers, but the fact that the allegedly exfiltrated data was made public suggests that a ransom was not paid.
SecurityWeek has emailed Northern Minerals for additional information on the data breach and will update this article as soon as a reply arrives.
The incident came to light just as Treasurer of Australia Jim Chalmers requested the removal of Chinese investment in Northern Minerals, but the breach is unlikely to have a geopolitical link.
As threat intelligence provider CyberKnow points out, the BianLian cybergang, which typically compromises organizations weeks or months before listing them on its leak site, is most likely financially motivated. Since the beginning of 2024, the group has listed nine mining companies on its website.
Chinese hackers, however, have targeted rare earth mining companies in Australia and North America as part of influence campaigns.
Related: Japan Aviation Electronics Targeted in Ransomware Attack
Related: Ransomware Attack Forces Canadian Mining Company to Shut Down Mill